EP4135376A1 - Secure communication method and apparatus (original title: Procédé et dispositif de communication sécurisée) - Google Patents


Info

Publication number: EP4135376A1
Authority: EP (European Patent Office)
Prior art keywords: trustworthiness, information, request message, user identifier, level
Legal status: Pending (the legal status is an assumption made by Google Patents, not a legal conclusion; no legal analysis has been performed)
Application number: EP21796960.9A
Other languages: German (de), English (en)
Other versions: EP4135376A4
Inventors: Yan Zhou, Chengdong He, Qingchun Lin
Current assignee: Huawei Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority claimed from: CN202010389032.0A (CN113645621B)
Publications: EP4135376A1, EP4135376A4

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security > H04W12/69 Identity-dependent > H04W12/75 Temporary identity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption > H04W12/037 Protecting confidentiality of the control plane, e.g. signalling traffic
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W12/041 Key generation or derivation
    • H04W12/08 Access security > H04W12/086 Access security using security domains

Definitions

  • This application relates to the field of communication technologies, and in particular, to a secure communication method and an apparatus.
  • A terminal device may communicate with one or more core network devices via an access device in a radio access network. For example, when the terminal device communicates with an application server, a message sent by the terminal device may pass through a plurality of core network devices, such as a first network function (NF), a second NF, or a third NF, before arriving at the application server.
  • NF: network function
  • 5G: 5th generation
  • This application provides a secure communication method and an apparatus, to effectively improve security of information exchange between a terminal device and an NF.
  • According to a first aspect, this application provides a secure communication method.
  • The method includes: a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; the third NF determines a trustworthiness attribute of the first user identifier in response to the first request message; and if the trustworthiness attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
  • That the trustworthiness attribute of the first user identifier meets the preset condition may equally be understood as a trustworthiness attribute of the terminal device meeting the preset condition.
  • In this way the first user identifier exists only in the form of a pseudonym between different NFs, so that it cannot, for example, be tampered with or intercepted by an untrustworthy or insecure NF; the first user identifier is effectively protected and its security is improved.
  • That the third NF sends a first response message to the first NF includes: if a trustworthiness level of the first NF matches a preset level, the third NF sends the first response message to the first NF.
  • The preset level is used to measure the trustworthiness levels of different NFs.
  • For example, the trustworthiness levels may include a strong trustworthiness level, a weak trustworthiness level, and an untrustworthiness level; in this case the preset level may be the weak trustworthiness level or the untrustworthiness level. Alternatively, the trustworthiness levels may include a high trustworthiness level, a low trustworthiness level, and an untrustworthiness level; in this case the preset level may be the low trustworthiness level or the untrustworthiness level.
  • In other words, when the first NF is of low or no trust, the third NF sends it pseudonym information (that is, the second pseudonym information) of the first user identifier rather than the identifier itself.
  • The method further includes: if the trustworthiness level of the first NF does not match the preset level, the third NF sends, to the first NF, a response message carrying the first user identifier.
  • In that case the third NF can trust the first NF and may therefore send the real user identifier, that is, the first user identifier, to the first NF.
  • Alternatively, that the third NF sends a first response message to the first NF includes: if a trustworthiness level of the security domain in which the first NF is located matches the preset level, the third NF sends the first response message to the first NF.
  • That is, trustworthiness levels may be distinguished per NF, and they may also be distinguished per security domain. For example, a first security domain and a second security domain may be distinguished, with the trustworthiness level of the first security domain different from that of the second security domain.
  • If the trustworthiness level of the security domain matches the preset level, the third NF may send the second pseudonym information of the first user identifier to the first NF; otherwise, the third NF may send the real user identifier, that is, the first user identifier, to the first NF.
  • That the third NF determines a trustworthiness attribute of the first user identifier includes: the third NF determines the trustworthiness attribute based on a subscription level of the first user identifier, based on a session attribute of the first user identifier, or based on an industry requirement of the first user identifier.
  • The subscription level, session attribute, industry requirement, or the like of the first user identifier may equally be understood as a subscription level, session attribute, industry requirement, or the like of the terminal device.
  • The trustworthiness attribute of the first user identifier may be used to indicate whether the first user identifier needs to be pseudonymized, or, more generally, whether the first user identifier needs to be protected.
  • Before the third NF sends the first response message to the first NF, the method further includes: the third NF obtains the first user identifier based on the first pseudonym information, and generates the second pseudonym information based on the first user identifier.
  • The third NF may obtain the first user identifier from the first pseudonym information by using a stored correspondence between the first user identifier and the first pseudonym information.
  • That is, the third NF stores the correspondence between the first user identifier and the first pseudonym information. The correspondence may also be understood as a mapping relationship or the like; this is not limited in this embodiment of this application.
  • The method further includes: the third NF stores a correspondence between the second pseudonym information and the first user identifier.
  • Alternatively, before the third NF sends the first response message to the first NF, the method further includes: the third NF sends a second request message to a fourth NF, where the second request message carries the first pseudonym information; in response to the second request message, the fourth NF obtains the first user identifier based on the first pseudonym information and generates the second pseudonym information based on the first user identifier; and the fourth NF sends the second pseudonym information to the third NF, which receives it.
  • In this design the fourth NF also stores the correspondence between the first user identifier and the first pseudonym information. Therefore, after the third NF determines that the trustworthiness attribute of the first user identifier meets the preset condition, the third NF requests the second pseudonym information from the fourth NF; the third NF still determines the trustworthiness attribute of the first user identifier itself.
  • The fourth NF may also store the subscription level or the like of the first user identifier.
  • In that case the first NF may instead send the first request message to the fourth NF, and the fourth NF sends the first response message to the first NF once it has determined the trustworthiness attribute of the first user identifier and that attribute meets the preset condition.
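As an added illustration (not code from the patent or from Huawei), the following Python models the third-NF side of the exchange described in this first aspect: the requester's trustworthiness level (per NF, or per security domain as fallback), the trustworthiness attribute derived from the subscription level, and the pseudonym correspondence held by a fourth-NF-style pseudonym service. The class names, the HMAC-based pseudonym construction, the SUPI-like identifiers and the trust registry are all assumptions made here for illustration.

```python
"""Model of the third-NF side of the first request / first response exchange.

Added example; not code from the patent or from Huawei.  PseudonymService,
ThirdNF, the trust registry and the SUPI-like identifiers are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import IntEnum


class TrustLevel(IntEnum):
    UNTRUSTED = 0
    WEAK = 1
    STRONG = 2


# The "preset level": requesters at these levels only ever get a pseudonym.
PRESET_LEVELS = {TrustLevel.UNTRUSTED, TrustLevel.WEAK}


def keyed_pseudonym(key: bytes, hop: str, user_id: str) -> str:
    """KDF1 stand-in: domain-separated keyed hash of the identifier.

    The hop label makes the pseudonym handed to each NF different, so one NF
    cannot correlate what it saw with what another NF saw.  (Assumed
    construction; the text fixes no algorithm.)
    """
    msg = hop.encode() + b"|" + user_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


@dataclass
class PseudonymService:
    """The 'fourth NF': holds the pseudonym <-> identifier correspondence."""
    key: bytes
    table: dict = field(default_factory=dict)  # pseudonym -> user_id

    def issue(self, user_id: str, hop: str) -> str:
        p = keyed_pseudonym(self.key, hop, user_id)
        self.table[p] = user_id  # store the correspondence for later resolution
        return p

    def resolve(self, pseudonym: str) -> str:
        return self.table[pseudonym]  # KeyError: pseudonym was never issued


@dataclass
class ThirdNF:
    pseudonyms: PseudonymService
    nf_trust: dict            # first-NF id -> TrustLevel
    domain_trust: dict        # security-domain id -> TrustLevel
    nf_domain: dict           # first-NF id -> security-domain id
    subscription_level: dict  # user_id -> "premium" / "basic"

    def trustworthiness_attribute(self, user_id: str) -> bool:
        """True when the identifier must be pseudonymized (here: by subscription level)."""
        return self.subscription_level.get(user_id) == "premium"

    def requester_level(self, first_nf: str) -> TrustLevel:
        """Per-NF level if registered, else the level of its security domain;
        an NF known under neither is treated as untrusted (fail closed)."""
        if first_nf in self.nf_trust:
            return self.nf_trust[first_nf]
        return self.domain_trust.get(self.nf_domain.get(first_nf), TrustLevel.UNTRUSTED)

    def handle_first_request(self, first_nf: str, first_pseudonym: str) -> dict:
        """Build the response to a first request message carrying first_pseudonym."""
        try:
            user_id = self.pseudonyms.resolve(first_pseudonym)
        except KeyError:
            return {"error": "unknown pseudonym"}  # never guess an identifier
        needs_pseudonym = self.trustworthiness_attribute(user_id)
        if needs_pseudonym and self.requester_level(first_nf) in PRESET_LEVELS:
            second = self.pseudonyms.issue(user_id, hop="nf1:" + first_nf)
            return {"pseudonym": second}           # the first response message
        # Requester is trusted, or the identifier needs no protection:
        # the text has the real identifier released here.
        return {"user_identifier": user_id}
```

Two points a practitioner would check: the fall-through path, as in the text, releases the real identifier whenever the attribute does not call for pseudonymization, so the subscription table effectively decides who is protected; and the decision keys on a locally held registry of NF trust levels, so an NF missing from that registry is treated as untrusted and receives only a pseudonym.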
  • According to another aspect, this application provides a secure communication method from the perspective of the first NF.
  • The method includes: a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; and the first NF receives a first response message from the third NF, where the first response message carries second pseudonym information of the first user identifier.
  • The first NF may generate a root key (Kamf) based on the second pseudonym information carried in the first response message.
  • Kamf: root key
  • Alternatively, the first response message may further carry the root key.
  • The terminal device may generate the root key based on the first user identifier, so that the terminal device is not affected by the pseudonymization. Therefore, the key derivation algorithm 1 (for example, KDF1) used by the third NF (or the fourth NF) to generate the second pseudonym information from the first user identifier and the key derivation algorithm 2 (for example, KDF2) used by the third NF (or the fourth NF) to generate the root key from the second pseudonym information need to meet the following condition: the root key generated by the third NF (or the fourth NF) is the same as the root key generated by the terminal device.
  • The first response message may further carry third indication information, which instructs the first NF to generate the root key based on the second pseudonym information.
  • In this case the root key generated by the terminal device based on the first user identifier also needs to be the same as the root key generated by the first NF based on the second pseudonym information; the terminal device may still generate the root key based on the first user identifier.
  • An embodiment of this application further provides a method in which the terminal device generates the root key based on the second pseudonym information. Details are as follows:
  • The first response message further carries first indication information and/or second indication information, where the first indication information indicates that the second pseudonym information and/or a root key is to be generated, and the second indication information indicates that a user plane key is to be generated.
  • The method further includes: if the first response message carries the first indication information, the first NF generates the root key based on the second pseudonym information and sends the first indication information to the terminal device.
  • The first indication information may be used to instruct the terminal device to generate the second pseudonym information, and/or to generate the root key based on the second pseudonym information.
  • The method further includes: if the first response message carries the second indication information, the first NF generates the user plane key based on the second pseudonym information and sends the second indication information to the terminal device.
  • The second indication information may be used to instruct the terminal device to generate the user plane key.
  • The method further includes: the first NF sends the user plane key to a user plane function, and the user plane function may then interact with the terminal device based on the user plane key.
  • The user plane key is derived from the second pseudonym information. Therefore, not only is the first user identifier protected, but data between the terminal device and the user plane function is also protected by the user plane key, which improves the security of the information exchange.
  • According to another aspect, this application provides a secure communication method from the perspective of the third NF.
  • The method includes: a third NF receives a first request message from a first NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device; the third NF determines a trustworthiness attribute of the first user identifier in response to the first request message; and if the trustworthiness attribute of the first user identifier meets a preset condition, the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
  • The possible designs of this aspect correspond to those of the first aspect: the third NF sends the first response message if the trustworthiness level of the first NF, or of the security domain in which the first NF is located, matches the preset level, and otherwise sends a response message carrying the first user identifier; the trustworthiness attribute is determined based on the subscription level, the session attribute, or the industry requirement of the first user identifier; and, before sending the first response message, the third NF either obtains the first user identifier based on the first pseudonym information, generates the second pseudonym information based on the first user identifier, and stores the correspondence between the second pseudonym information and the first user identifier, or sends a second request message carrying the first pseudonym information to a fourth NF and receives the second pseudonym information from the fourth NF.
  • In the latter design the fourth NF receives the first pseudonym information of the first user identifier of the terminal device and may then determine the trustworthiness attribute of the first user identifier; if that attribute meets the preset condition, the fourth NF may send the second pseudonym information. The fourth NF may receive the first request message directly from the first NF, or may receive a request message from the third NF.
  • The fourth NF may further generate the second pseudonym information and store the correspondence between the second pseudonym information and the first user identifier.
  • According to another aspect, this application provides a secure communication method from the perspective of the fourth NF.
  • The method includes: a fourth NF receives a second request message from a third NF, where the second request message carries first pseudonym information of a first user identifier of a terminal device; in response to the second request message, the fourth NF obtains the first user identifier based on the first pseudonym information and generates second pseudonym information based on the first user identifier; and the fourth NF sends the second pseudonym information to the third NF.
  • The fourth NF stores a correspondence between the second pseudonym information and the first user identifier.
  • According to another aspect, this application provides a secure communication method from the perspective of the terminal device.
  • The method includes: a terminal device receives first indication information sent by a first NF, where the first indication information instructs the terminal device to generate second pseudonym information and/or a root key; the terminal device generates the second pseudonym information based on a first user identifier; the terminal device generates the root key based on the second pseudonym information; and the terminal device generates an access stratum key and/or a non-access stratum key based on the root key, where the access stratum key is used to protect data and/or signaling between the terminal device and an access device, and the non-access stratum key is used to protect data and/or signaling between the terminal device and the first NF.
  • According to another aspect, this application provides a secure communication method in which the terminal device derives the user plane key.
  • The method includes: a terminal device receives second indication information sent by a first NF, where the second indication information instructs the terminal device to generate a user plane key; the terminal device generates second pseudonym information based on a first user identifier; the terminal device generates a root key based on the second pseudonym information; and the terminal device generates the user plane key based on the root key, where the user plane key is used to protect data between the terminal device and a user plane function.
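The condition stated earlier (the root key that the third or fourth NF derives from the second pseudonym information must equal the root key the terminal derives) and the terminal-side derivations of the two preceding aspects are shown together in this added Python example, which is not code from the patent or from Huawei. KDF1 and KDF2 are modelled as labelled HMAC-SHA256; K is a long-term secret assumed to be shared by the terminal device and the pseudonymizing NF; the labels, function names and key hierarchy are assumptions made here.

```python
"""Key-derivation chain of the pseudonymized identifier: identifier -> second
pseudonym (KDF1) -> root key Kamf (KDF2) -> AS / NAS / user plane keys.

Added example; not code from the patent or from Huawei.  K, the labels and the
function names are assumptions.
"""
import hashlib
import hmac


def kdf(key: bytes, label: bytes, *inputs: bytes) -> bytes:
    """HMAC-SHA256 over a label and '|'-separated inputs (assumed construction)."""
    data = label + b"".join(b"|" + i for i in inputs)
    return hmac.new(key, data, hashlib.sha256).digest()


def kdf1_pseudonym(k: bytes, user_id: str) -> bytes:
    """KDF1: second pseudonym information derived from the first user identifier."""
    return kdf(k, b"pseudonym2", user_id.encode())


def kdf2_root_key(k: bytes, pseudonym: bytes) -> bytes:
    """KDF2: root key (Kamf) derived from the pseudonym, never from the identifier."""
    return kdf(k, b"Kamf", pseudonym)


def third_nf_response(k: bytes, user_id: str) -> dict:
    """Network side: the first response message handed to the first NF.

    Carries the second pseudonym information, the root key (so the first NF
    need not derive it) and the first/second indication information.  The
    real identifier is not included."""
    p2 = kdf1_pseudonym(k, user_id)
    return {"pseudonym": p2, "Kamf": kdf2_root_key(k, p2), "ind1": True, "ind2": True}


def first_nf_keys(resp: dict) -> dict:
    """First NF (AMF-like): NAS key and, if the second indication information
    is present, the user plane key, both from Kamf alone."""
    kamf = resp["Kamf"]
    keys = {"Knas": kdf(kamf, b"NAS")}
    if resp.get("ind2"):
        keys["Kup"] = kdf(kamf, b"UP")  # forwarded to the user plane function
    return keys


def ue_root_key_from_identifier(k: bytes, user_id: str) -> bytes:
    """Terminal side, 'generate the root key based on the first user identifier'.

    The matching condition (network Kamf == terminal Kamf) forces this to be
    exactly KDF2(KDF1(id)); any other derivation from the identifier breaks it."""
    return kdf2_root_key(k, kdf1_pseudonym(k, user_id))


def ue_keys(k: bytes, user_id: str, ind1: bool, ind2: bool) -> dict:
    """Terminal side: full hierarchy, root key -> AS/NAS keys (-> user plane key)."""
    if ind1:
        # First indication information: derive the pseudonym, then Kamf from it.
        kamf = kdf2_root_key(k, kdf1_pseudonym(k, user_id))
    else:
        kamf = ue_root_key_from_identifier(k, user_id)
    keys = {"Kamf": kamf, "Kas": kdf(kamf, b"AS"), "Knas": kdf(kamf, b"NAS")}
    if ind2:
        keys["Kup"] = kdf(kamf, b"UP")  # second indication information
    return keys
```

The composition KDF2(KDF1(id)) is the only way for the terminal's "derive from the identifier" path and the network's "derive from the pseudonym" path to agree, which is why ue_root_key_from_identifier is defined as that composition. Note also that the second pseudonym is deterministic in the identifier for a fixed K: it is a pseudonym, not an anonymous token, and any party able to evaluate KDF1 can link it back, so K must remain with the terminal device and the pseudonymizing NF only.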
  • According to another aspect, this application provides a secure communication method for NF discovery based on trustworthiness level.
  • The method includes: a first NF sends a third request message to a network function repository function (NRF), where the third request message carries a trustworthiness level; in response to the third request message, the NRF determines a second NF based on the trustworthiness level; and the NRF sends identification information of the second NF to the first NF.
  • NRF: network function repository function
  • The NRF may determine the second NF based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF; that is, the NRF may store a correspondence between identification information of one or more NFs and the trustworthiness level of those NFs.
  • Because the NRF determines the second NF based on the trustworthiness level, the first NF receives the identification information of an NF (the second NF) that corresponds to that trustworthiness level and may interact with it. In this way the trustworthiness-level requirement of the user identifier corresponding to a terminal device can be met.
  • For example, the first NF exchanges data and/or signaling with an NF (for example, the second NF) of high trustworthiness level, which improves the security of the exchange between the first NF and the second NF.
  • Before the NRF determines the second NF based on the trustworthiness level, the method further includes: the NRF receives a registration request message sent by the second NF, where the registration request message carries a trustworthiness level of the second NF; and the NRF stores a correspondence between the identification information of the second NF and the trustworthiness level of the second NF.
  • More generally, the NRF may receive a registration request message from each of one or more NFs, carrying the trustworthiness level of that NF, and may store a correspondence between identification information of the one or more NFs and their trustworthiness levels, where the one or more NFs include the second NF.
  • That the NRF determines a second NF based on the trustworthiness level includes: the NRF determines the second NF based on the stored correspondence between the identification information of the second NF and the trustworthiness level of the second NF, and the trustworthiness level carried in the third request message. In other words, the NRF obtains, from the stored correspondence, the second NF corresponding to the trustworthiness level carried in the third request message.
  • Alternatively, the method further includes: the NRF preconfigures a trustworthiness level of one or more NFs and stores a correspondence between identification information and the trustworthiness level of the one or more NFs. The NRF may then determine the second NF based on this preconfiguration information and the trustworthiness level carried in the third request message.
  • Before the first NF sends the third request message to the NRF, the method further includes: the first NF obtains a trustworthiness attribute of a first user identifier from a third NF, and determines the trustworthiness level based on that trustworthiness attribute.
  • That is, the trustworthiness level carried in the third request message may be determined based on the trustworthiness attribute of the first user identifier. For example, if the trustworthiness attribute of the first user identifier meets a preset condition, a higher trustworthiness level is requested.
  • For the trustworthiness attribute of the first user identifier, refer to the method described in the first aspect. Details are not described herein again.
  • Alternatively, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to a network slice selection function (NSSF), where the fourth request message carries identification information of a first slice; and the NSSF sends a fourth response message to the first NF, where the fourth response message carries a trustworthiness level of the first slice.
  • The identification information of the first slice may come from the terminal device: for example, the terminal device sends a related request message to the first NF, and that request message may carry the identification information of the first slice.
  • Before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trustworthiness level of the first slice based on first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the trustworthiness level of the first slice and the identification information of the first slice.
  • The first preconfiguration information may be configured by an operator, another NF, or the like; this is not limited in this application. It may store a correspondence between the identification information and the trustworthiness level of one or more slices.
  • In this design, that the third request message carries a trustworthiness level includes: the third request message carries the trustworthiness level of the first slice and further carries the identification information of the first slice.
  • That the NRF determines a second NF based on the trustworthiness level then includes: the NRF determines, based on the identification information of the first slice, a second NF set corresponding to the first slice, and determines the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the first slice. That is, the NRF determines, from the second NF set, the second NF corresponding to the trustworthiness level of the first slice.
  • Alternatively, before the first NF sends the third request message to the NRF, the method further includes: the first NF sends a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice; and the NSSF sends a fourth response message to the first NF, where the fourth response message carries identification information of a second NF set and a trustworthiness level of the second NF set, the second NF set being the NF set corresponding to the first slice.
  • Before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trustworthiness level of the second NF set based on second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trustworthiness level of the second NF set.
  • The second preconfiguration information may further include a correspondence between the identification information of the first slice and the identification information of the second NF set, so that the NSSF first determines the second NF set corresponding to the first slice and then the trustworthiness level corresponding to the second NF set. In general, the second preconfiguration information may store a correspondence between one or more slices and NF sets, and a correspondence between one or more NF sets and trustworthiness levels.
  • In this design, that the third request message carries a trustworthiness level includes: the third request message carries the trustworthiness level of the second NF set and further carries the identification information of the second NF set.
  • That the NRF determines a second NF based on the trustworthiness level then includes: the NRF determines the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the second NF set.
  • More specifically, the NRF may determine the second NF based on the stored correspondence between identification information of an NF and its trustworthiness level, a correspondence between the identification information of the NF and identification information of the set to which the NF belongs, the trustworthiness level of the second NF set, and the identification information of the second NF set: the NRF first obtains the one or more NFs belonging to the second NF set from the set correspondence, then obtains their trustworthiness levels from the level correspondence, and finally selects the second NF from those NFs by comparing their levels against the trustworthiness level of the second NF set.
  • The quantity of NFs in the second NF set is not limited in this embodiment of this application: the second NF set may include one NF or a plurality of NFs, and it includes the second NF.
  • The trustworthiness level of the second NF is equal to or higher than the trustworthiness level carried in the third request message.
  • this application provides a secure communication method.
  • the method includes: a first NF sends a third request message to an NRF, where the third request message carries a trustworthiness level; the first NF receives a third response message from the NRF, where the third response message carries identification information of a second NF; and the first NF exchanges data and/or signaling with the second NF.
  • the method before that a first NF sends a third request message to an NRF, the method further includes: The first NF obtains a trustworthiness attribute of a first user identifier from a third NF; and determines the trustworthiness level based on the trustworthiness attribute of the first user identifier.
  • the method before that a first NF sends a third request message to an NRF, the method further includes: the first NF sends a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice; and the first NF receives a fourth response message from the NSSF, where the fourth response message carries a trustworthiness level of the first slice, or the fourth response message carries a trustworthiness level of a second NF set.
  • the third request message when the fourth response message carries the trustworthiness level of the first slice, the third request message carries the trustworthiness level of the first slice and the identification information of the first slice; or when the fourth response message carries the trustworthiness level of the second NF set, the third request message carries the trustworthiness level of the second NF set and identification information of the second NF set.
  • the method further includes: The first NF sends a registration request message to the NRF, where the registration request message carries a trustworthiness level of the first NF.
  • the registration request message may further carry identification information of an NF set to which the first NF belongs.
  • this application provides a secure communication method.
  • the method includes: an NRF receives a third request message from a first NF, where the third request message carries a trustworthiness level; in response to the third request message, the NRF determines a second NF based on the trustworthiness level; and the NRF sends a third response message to the first NF, where the third response message carries identification information of the second NF.
  • in a possible implementation, before the NRF determines the second NF based on the trustworthiness level, the method further includes: the NRF receives a registration request message sent by the second NF, where the registration request message carries a trustworthiness level of the second NF; and the NRF stores a correspondence between the identification information of the second NF and the trustworthiness level of the second NF.
  • the registration request message may further carry identification information of an NF set to which the second NF belongs.
  • that the NRF determines a second NF based on the trustworthiness level includes: The NRF determines the second NF based on the stored correspondence between the identification information of the second NF and the trustworthiness level of the second NF, and the trustworthiness level carried in the third request message.
  • that the third request message carries a trustworthiness level includes: the third request message carries a trustworthiness level of a first slice, and the third request message further carries identification information of the first slice.
  • That the NRF determines a second NF based on the trustworthiness level includes: The NRF determines, based on the identification information of the first slice, a second NF set corresponding to the first slice; and determines the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the first slice.
  • that the third request message carries a trustworthiness level includes: the third request message carries a trustworthiness level of a second NF set, and the third request message further carries identification information of the second NF set. That the NRF determines a second NF based on the trustworthiness level includes: The NRF determines the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the second NF set.
  • That the NRF determines a second NF based on the trustworthiness level includes: The NRF determines the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, a correspondence between the identification information of the NF and identification information of a set to which the NF belongs, the trustworthiness level of the second NF set, and the identification information of the second NF set.
  • the method further includes: The NRF receives a registration request message from the first NF, where the registration request message carries a trustworthiness level of the first NF; and the NRF stores a correspondence between identification information of the first NF and the trustworthiness level of the first NF.
  • the registration request message may further carry identification information of an NF set to which the first NF belongs.
  • this application provides a secure communication method.
  • the method includes: an NSSF receives a fourth request message sent by a first NF, where the fourth request message carries identification information of a first slice; the NSSF sends a fourth response message to the first NF, where the fourth response message carries a trustworthiness level of the first slice; or the fourth response message carries identification information of a second NF set and a trustworthiness level of the second NF set, and the second NF set is an NF set corresponding to the first slice.
  • in a possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trustworthiness level of the first slice based on first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the trustworthiness level of the first slice and the identification information of the first slice.
  • in a possible implementation, before the NSSF sends the fourth response message to the first NF, the method further includes: the NSSF determines the trustworthiness level of the second NF set based on second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trustworthiness level of the second NF set.
  • the first NF may include an AMF, an SMF, or the like.
  • this application provides a secure communication method.
  • the method includes: a domain name system (domain name system, DNS) receives a fifth request message from a first network function (network function, NF), where the fifth request message carries domain name information and a trustworthiness level; in response to the fifth request message, the DNS determines a second NF based on the domain name information and the trustworthiness level; and the DNS sends identification information of the second NF to the first NF.
  • the DNS may determine the second NF based on a stored correspondence between the domain name information and the identification information and a stored correspondence between the identification information and the trustworthiness level (or a stored correspondence between the domain name information and the trustworthiness level). For example, a correspondence between domain name information (or identification information) of one or more NFs and a trustworthiness level of the one or more NFs may be configured in the DNS. The DNS determines the second NF based on the trustworthiness level, so that the first NF may receive the identification information of the second NF, where the identification information of the second NF may include an IP address or the like of the second NF.
  • the first NF may interact with an NF (that is, the second NF) corresponding to the trustworthiness level.
  • a requirement of a user identifier corresponding to a terminal device on the trustworthiness level can be met.
  • the first NF exchanges data and/or signaling with an NF (for example, the second NF) with a high trustworthiness level. This improves security of exchange between the first NF and the second NF.
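The registration, NSSF lookup and NRF discovery exchange described above, modelled as an added example (this is not code from the patent application): an NF registers with a trustworthiness level and optional NF set, the NSSF answers a slice query from either preconfiguration, and the NRF returns only NFs whose stored level is equal to or higher than the level carried in the request, restricted to the NF set when a set or slice identifier is carried. The message field names, the numeric scale (higher value means more trusted) and the NRF's slice-to-set table are assumptions; the path in which the first NF derives the level from a user identifier's trustworthiness attribute is represented simply by the level passed to the request.

```python
"""Trustworthiness-aware NF discovery, modelled in Python.

Added example, not code from the patent application. Message field names
and the numeric scale (higher value = more trusted) are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class NfProfile:
    nf_id: str                 # identification information of the NF
    nf_type: str               # e.g. "SMF" or "UPF"
    trust_level: int           # trustworthiness level carried at registration
    nf_set_id: Optional[str]   # NF set the NF belongs to, if any


class Nrf:
    """NRF: keeps the NF id <-> trustworthiness level (and NF set) correspondence."""

    def __init__(self, slice_to_set: Dict[str, str]) -> None:
        self._profiles: Dict[str, NfProfile] = {}
        self._slice_to_set = slice_to_set   # S-NSSAI -> NF set id (assumed config)

    def register(self, profile: NfProfile) -> None:
        # the registration request carries the level and optionally the set id
        self._profiles[profile.nf_id] = profile

    def discover(self, nf_type: str, trust_level: int,
                 slice_id: Optional[str] = None,
                 nf_set_id: Optional[str] = None) -> List[str]:
        """Third request -> third response.

        Returns candidate NF ids whose stored level is >= the requested level,
        most trusted first. A slice id is first mapped to its NF set; a set id
        (given or derived from the slice) restricts candidates to that set.
        """
        if slice_id is not None:
            nf_set_id = self._slice_to_set.get(slice_id)
            if nf_set_id is None:
                return []                     # unknown slice: no NF set to search
        hits = [p for p in self._profiles.values()
                if p.nf_type == nf_type
                and (nf_set_id is None or p.nf_set_id == nf_set_id)
                and p.trust_level >= trust_level]
        hits.sort(key=lambda p: (-p.trust_level, p.nf_id))
        return [p.nf_id for p in hits]


class Nssf:
    """NSSF: first preconfiguration (slice -> level), second (slice -> set -> level)."""

    def __init__(self, slice_levels: Dict[str, int],
                 slice_sets: Dict[str, str], set_levels: Dict[str, int]) -> None:
        self._slice_levels = slice_levels
        self._slice_sets = slice_sets
        self._set_levels = set_levels

    def query(self, slice_id: str) -> dict:
        """Fourth request -> fourth response: the set id and set level when the
        second preconfiguration covers the slice, otherwise the slice level."""
        if slice_id in self._slice_sets:
            set_id = self._slice_sets[slice_id]
            return {"nf_set_id": set_id, "nf_set_level": self._set_levels[set_id]}
        if slice_id in self._slice_levels:
            return {"slice_level": self._slice_levels[slice_id]}
        raise KeyError(f"no trustworthiness preconfiguration for slice {slice_id}")


def select_peer(nrf: Nrf, nssf: Nssf, slice_id: str, nf_type: str) -> Optional[str]:
    """First NF (e.g. an AMF or SMF): query the NSSF, then send the NRF the level
    it returned together with the slice or set id, and take the best candidate."""
    resp = nssf.query(slice_id)
    if "nf_set_id" in resp:
        cands = nrf.discover(nf_type, resp["nf_set_level"], nf_set_id=resp["nf_set_id"])
    else:
        cands = nrf.discover(nf_type, resp["slice_level"], slice_id=slice_id)
    return cands[0] if cands else None


# Constructed sample deployment (not from the page): two SMF sets, one UPF.
NRF = Nrf(slice_to_set={"S-NSSAI-1": "smf-set-high", "S-NSSAI-2": "smf-set-std"})
for prof in (NfProfile("smf-1", "SMF", 3, "smf-set-high"),
             NfProfile("smf-2", "SMF", 2, "smf-set-high"),
             NfProfile("smf-3", "SMF", 1, "smf-set-std"),
             NfProfile("upf-1", "UPF", 3, None)):
    NRF.register(prof)

NSSF = Nssf(slice_levels={"S-NSSAI-1": 2},
            slice_sets={"S-NSSAI-2": "smf-set-std"},
            set_levels={"smf-set-std": 1})
```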
  • this application provides a communication apparatus.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the second aspect or the possible implementations of the second aspect.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the third aspect or the possible implementations of the third aspect.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the fourth aspect or the possible implementations of the fourth aspect.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the eighth aspect or the possible implementations of the eighth aspect.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the ninth aspect or the possible implementations of the ninth aspect. In still another possible implementation, the communication apparatus includes a corresponding unit that performs the method in any one of the tenth aspect or the possible implementations of the tenth aspect. In still another possible implementation, the communication apparatus includes a corresponding unit that performs the method described in the eleventh aspect.
  • the communication apparatus includes a transceiver unit and a processing unit.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processor, configured to execute a program stored in a memory.
  • when the program is executed, the communication apparatus is enabled to perform the method described in any one of the second aspect or the possible implementations of the second aspect.
  • when the program is executed, the communication apparatus is enabled to perform the method described in any one of the third aspect or the possible implementations of the third aspect.
  • when the program is executed, the communication apparatus is enabled to perform the method described in any one of the fourth aspect or the possible implementations of the fourth aspect.
  • when the program is executed, the communication apparatus is enabled to perform the method described in any one of the eighth aspect or the possible implementations of the eighth aspect.
  • when the program is executed, the communication apparatus is enabled to perform the method described in any one of the ninth aspect or the possible implementations of the ninth aspect. In still another possible implementation, when the program is executed, the communication apparatus is enabled to perform the method described in any one of the tenth aspect or the possible implementations of the tenth aspect. In still another possible implementation, when the program is executed, the communication apparatus is enabled to perform the method described in the eleventh aspect.
  • the memory is located outside the communication apparatus.
  • the memory is located in a network device.
  • the network device further includes a transceiver.
  • the transceiver is configured to receive a signal or send a signal. Specific implementations of the transceiver and the processor are not described in detail herein.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processing circuit and an interface circuit.
  • the interface circuit is configured to receive computer code and transmit the computer code to a processor.
  • the processor runs the computer code to perform the foregoing method performed by the NF. Specific implementations of the interface circuit and the processing circuit are not described in detail herein.
  • this application provides a communication apparatus.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the fifth aspect or the possible implementations of the fifth aspect.
  • the communication apparatus includes a corresponding unit that performs the method in any one of the sixth aspect or the possible implementations of the sixth aspect.
  • the communication apparatus includes a transceiver unit and a processing unit.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processor, configured to execute a program stored in a memory, and when the program is executed, the communication apparatus is enabled to perform the method described in any one of the fifth aspect or the possible implementations of the fifth aspect. Alternatively, when the program is executed, the communication apparatus is enabled to perform the method described in any one of the sixth aspect or the possible implementations of the sixth aspect.
  • the memory is located outside the communication apparatus.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processor, a memory, and a program that is stored in the memory and that can be run on the processor.
  • the communication apparatus is enabled to perform the method described in any one of the fifth aspect or the possible implementations of the fifth aspect.
  • the communication apparatus is enabled to perform the method described in any one of the sixth aspect or the possible implementations of the sixth aspect.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processor, a memory, and a transceiver.
  • the transceiver is configured to receive a signal or send a signal.
  • the memory is configured to store computer code.
  • the processor is configured to execute the computer code, to enable the communication apparatus to perform the method described in any one of the fifth aspect or the possible implementations of the fifth aspect.
  • the processor is configured to execute computer code, to enable the communication apparatus to perform the method described in any one of the sixth aspect or the possible implementations of the sixth aspect.
  • this application provides a communication apparatus.
  • the communication apparatus includes a processing circuit and an interface circuit.
  • the interface circuit is configured to obtain first indication information, where the first indication information is used to indicate the communication apparatus to generate second pseudonym information.
  • the processing circuit is configured to: generate the second pseudonym information based on a first user identifier; generate a root key according to the second pseudonym information; and generate an access stratum key and/or a non-access stratum key based on the root key, where the access stratum key is used to protect data and/or signaling between the communication apparatus and an access device, and the non-access stratum key is used to protect data and/or signaling between the communication apparatus and a first NF.
  • the interface circuit is configured to obtain second indication information, where the second indication information is used to indicate the communication apparatus to generate a user plane key.
  • the processing circuit is configured to generate second pseudonym information based on a first user identifier, generate a root key based on the second pseudonym information, and generate the user plane key based on the root key, where the user plane key is used to protect data between the communication apparatus and a user plane function.
  • this application provides a computer-readable storage medium.
  • the computer-readable storage medium is configured to store a computer program.
  • the method described in any one of the second aspect or the possible implementations of the second aspect is performed.
  • the method described in any one of the third aspect or the possible implementations of the third aspect is performed.
  • the method described in any one of the fourth aspect or the possible implementations of the fourth aspect is performed.
  • the computer program is run on a computer, the method described in any one of the fifth aspect or the possible implementations of the fifth aspect is performed.
  • this application provides a computer program product.
  • the computer program product includes a computer program or computer code, and when the computer program product runs on a computer, the method described in any one of the foregoing aspects or the possible implementations of the aspects is performed.
  • this application provides a computer program.
  • when the computer program is run on a computer, the method described in any one of the foregoing aspects or the possible implementations of the aspects is performed.
  • this application provides a communication apparatus.
  • the communication apparatus is configured to perform the method described in any one of the second aspect or the possible implementations of the second aspect.
  • the communication apparatus is configured to perform the method described in any one of the third aspect or the possible implementations of the third aspect.
  • the communication apparatus is configured to perform the method described in any one of the fourth aspect or the possible implementations of the fourth aspect.
  • the communication apparatus is configured to perform the method described in any one of the fifth aspect or the possible implementations of the fifth aspect.
  • the communication apparatus is configured to perform the method described in any one of the sixth aspect or the possible implementations of the sixth aspect. In still another possible implementation, the communication apparatus is configured to perform the method described in any one of the seventh aspect or the possible implementations of the seventh aspect. In still another possible implementation, the communication apparatus is configured to perform the method described in any one of the eighth aspect or the possible implementations of the eighth aspect. In still another possible implementation, the communication apparatus is configured to perform the method described in any one of the ninth aspect or the possible implementations of the ninth aspect. In still another possible implementation, the communication apparatus is configured to perform the method described in any one of the tenth aspect or the possible implementations of the tenth aspect.
  • this application provides a wireless communication system.
  • the wireless communication system includes a first NF and a third NF.
  • the first NF is configured to perform the method described in any one of the second aspect or the possible implementations of the second aspect.
  • the third NF is configured to perform the method described in any one of the third aspect or the possible implementations of the third aspect.
  • the wireless communication system further includes a fourth NF.
  • the fourth NF is configured to perform the method described in any one of the fourth aspect or the possible implementations of the fourth aspect.
  • the first NF may be further configured to perform the method described in any one of the eighth aspect or the possible implementations of the eighth aspect.
  • the wireless communication system further includes an NRF.
  • the NRF is configured to perform the method described in any one of the ninth aspect or the possible implementations of the ninth aspect.
  • the wireless communication system further includes an NSSF.
  • the NSSF is configured to perform the method described in any one of the tenth aspect or the possible implementations of the tenth aspect.
  • the wireless communication system further includes a terminal device.
  • the terminal device is configured to perform the method described in any one of the fifth aspect or the possible implementations of the fifth aspect; or the terminal device may be further configured to perform the method described in any one of the sixth aspect or the possible implementations of the sixth aspect.
  • At least one (item) means one or more
  • a plurality of means two or more
  • at least two (items) means two or three or more.
  • the term “and/or” is used to describe an association relationship between associated objects and indicates that three relationships may exist.
  • a and/or B may indicate the following three cases: Only A exists, only B exists, and both A and B exist, where A and B may be singular or plural.
  • the character “/” generally indicates an "or” relationship between the associated objects.
  • “At least one of the following items (pieces)” or a similar expression thereof refers to any combination of these items. For example, at least one of a, b, or c may represent a, b, c, "a and b", "a and c", "b and c", or "a, b, and c".
  • LTE long term evolution
  • FDD frequency division duplex
  • TDD time division duplex
  • UMTS universal mobile telecommunications system
  • WiMAX worldwide interoperability for microwave access
  • 5G 5th generation
  • 5G new radio
  • NR new radio
  • this application is applied to the 5G communication system.
  • the following describes network functions in the 5G system by using an example.
  • an example is used in which the network architecture shown in FIG. 1 is a 5G network architecture based on a service-oriented architecture defined in the 3rd Generation Partnership Project (3rd generation partnership project, 3GPP) standardization process.
  • the network architecture may include at least three parts: a terminal device part, an operator network part, a data network (data network, DN) part, and the like.
  • the terminal device part may include a terminal device 110, and the terminal device 110 may also be referred to as user equipment (user equipment, UE).
  • the terminal device 110 in this application is a device having a wireless transceiver function, and may communicate with one or more core network (core network, CN) devices (which may also be referred to as core devices) through an access network device (which may also be referred to as an access device) in a radio access network (radio access network, RAN) 140.
  • the terminal device 110 may also be referred to as an access terminal, a terminal, a subscriber unit, a subscriber station, a mobile station, a mobile console, a remote station, a remote terminal, a mobile device, a user terminal, a user agent, a user apparatus, or the like.
  • the terminal device 110 may be deployed on land, including an indoor device, an outdoor device, a handheld device, or a vehicle-mounted device; or may be deployed on the water surface (for example, on a ship); or may be deployed in the air (for example, on an airplane, a balloon, or a satellite).
  • the terminal device 110 may be a handheld device, a vehicle-mounted device, a wearable device, a terminal in the internet of things or the internet of vehicles, a terminal in any form in a 5G network, a terminal in any form in a future network, or the like that has a wireless communication function. This is not limited in this application.
  • a part operated by an operator in various communication systems may be referred to as an operator network, a PLMN network, or the like.
  • the operator network is mainly a public network used by a mobile network operator (mobile network operator, MNO) to provide a mobile broadband access service for a user.
  • the operator network or the PLMN network in this application may alternatively be a network that meets a requirement of a 3GPP standard, which is referred to as a 3GPP network for short.
  • the 3GPP network may be usually operated by an operator, and includes but is not limited to a 5th generation mobile communication (5th-generation, 5G) network (5G network for short), a 4th generation mobile communication (4th-generation, 4G) network (4G network for short), or the like.
  • the operator network may include a network exposure function (network exposure function, NEF) 131, a network repository function (network function repository function, NRF) 132, a policy control function (policy control function, PCF) 133, a unified data management (unified data management, UDM) 134, an application function (application function, AF) 135, an authentication server function (authentication server function, AUSF) 136, an access and mobility management function (access and mobility management function, AMF) 137, a session management function (session management function, SMF) 138, a user plane function (user plane function, UPF) 139, a (radio) access network ((radio) access network, (R)AN) 140, and the like.
  • a part other than the (radio) access network 140 part may be referred to as a core network (core network, CN) part or a core network part.
  • a data network DN 120 may also be referred to as a packet data network (packet data network, PDN), and is usually a network outside the operator network, for example, a third-party network.
  • the operator network may access a plurality of data networks DNs 120, and a plurality of services may be deployed in the data networks DNs 120, to provide services such as a data service and/or a voice service for the terminal device 110.
  • a specific representation form of the third-party network may be specifically determined based on an actual application scenario. This is not limited in this application.
  • the (R)AN 140 is a sub-network of the operator network, and is an implementation system between a service node in the operator network and the terminal device 110.
  • to access the operator network, the terminal device 110 first accesses the (R)AN 140, and then connects to a network function in the operator network through the (R)AN 140.
  • An access network device in embodiments of this application is a device that provides a wireless communication function for the terminal device 110, and may also be referred to as an access device, a (R)AN device, or the like.
  • the (R)AN device includes but is not limited to a next generation NodeB (next generation node base station, gNB) in a 5G system, an evolved NodeB (evolved NodeB, eNB) in an LTE system, a radio network controller (radio network controller, RNC), a NodeB (NodeB, NB), a base station controller (base station controller, BSC), a base transceiver station (base transceiver station, BTS), a home base station (home evolved NodeB, or home NodeB, HNB), a baseband unit (base band unit, BBU), a transmission reception point (transmitting and receiving point, TRP), a transmission point (transmitting point, TP), a small cell device (pico), a mobile switching center, a network device in a future network, or the like.
  • the access network device is not limited in this application. In systems using different radio access technologies, devices having functions of the access network device may have different names.
  • the (R)AN 140 is described below by using an access device as an example.
  • the access device may include a centralized unit (centralized unit, CU), a distributed unit (distributed unit, DU), and the like.
  • the CU may be further divided into a CU-control plane (control plane, CP), a CU-user plane (user plane, UP), and the like.
  • the access device may alternatively have an open radio access network (open radio access network, ORAN) architecture or the like.
  • the network exposure function (NEF) (which may also be referred to as an NEF network function or an NEF network function entity) 131 is a control plane function provided by the operator.
  • the NEF network function 131 securely exposes an external interface of the operator network to a third party.
  • when the SMF network function 138 needs to communicate with a third-party network function, the NEF network function 131 may serve as a relay for communication between the SMF network function 138 and the third-party network entity.
  • the NEF network function 131 may translate identification information of a subscriber and identification information of the third-party network function.
  • the NEF network function 131 may translate the SUPI into a corresponding external identity (identity, ID) of the SUPI.
  • the NEF network function 131 may translate the external ID into a SUPI.
  • the network repository function NRF 132 may be configured to maintain real-time information of all network function services in a network.
  • the network repository function NRF 132 may store identification information and a trustworthiness level of one or more NFs.
  • the NRF may store identification information of a second network function (network function, NF) and a trustworthiness level of the second NF.
  • the policy control function PCF 133 is a control plane function provided by the operator, and is configured to provide a PDU session policy for the session management function SMF 138.
  • the policy may include a charging-related policy, a QoS-related policy, an authorization-related policy, and the like.
  • the unified data management UDM 134 is a control plane function provided by the operator, and is responsible for storing information such as a subscription permanent identifier (subscriber permanent identifier, SUPI), a security context (security context), and subscription data of a subscriber in the operator network.
  • the subscriber in the operator network may be specifically a user using a service provided by the operator network, for example, a user using a terminal device SIM card of China Telecom, or a user using a terminal device SIM card of China Mobile.
  • the SUPI of the subscriber may be a number of the terminal device SIM card.
  • the security context may be data (cookie), a token (token), or the like stored in a local terminal device (for example, a mobile phone).
  • the subscription data of the subscriber may be a supporting service of the terminal device SIM card, for example, a traffic package of the mobile phone SIM card.
  • the subscription data of the subscriber may further include a subscription level of the subscriber.
  • for example, the subscription level may indicate whether the subscriber is a common user or a very important person (very important person, VIP).
  • the unified data management UDM 134 may not only store the subscription data of the subscriber, but also determine a trustworthiness attribute of the subscriber based on the subscription level of the subscriber.
  • the application function (application function, AF) 135 is configured to perform application-affected data routing, access the network exposure function, interact with a policy framework to perform policy control, and so on.
  • the authentication server function AUSF 136 is a control plane function provided by the operator, and is usually configured to perform primary authentication, that is, authentication between the terminal device 110 (the subscriber) and the operator network.
  • the access and mobility management function AMF 137 is a control plane network function provided by the operator network, and is responsible for access control and mobility management when the terminal device 110 accesses the operator network, for example, including functions such as mobility status management, allocation of a temporary user identity, and user authentication and authorization.
  • the session management function SMF 138 is a control plane network function provided by the operator network, and is responsible for managing a protocol data unit (protocol data unit, PDU) session of the terminal device 110.
  • the PDU session is a channel used to transmit a PDU, and the terminal device and the DN 120 need to transmit a PDU to each other through the PDU session.
  • the SMF 138 may be responsible for establishment, maintenance, deletion, and the like of the PDU session.
  • the SMF 138 includes functions related to a session, for example, session management (for example, session establishment, modification, and release, including tunnel maintenance between the UPF 139 and the (R)AN 140), selection and control of the UPF 139, service and session continuity (service and session continuity, SSC) mode selection, and roaming.
  • the UPF 139 is a gateway provided by the operator and a gateway for communication between the operator network and the DN 120.
  • the UPF 139 includes functions related to a user plane, for example, data packet routing and transmission, packet detection, service usage reporting, quality of service (quality of service, QoS) processing, lawful interception, uplink packet detection, and downlink data packet storage.
  • the network functions in the operator network shown in FIG. 1 may further include a network slice selection function (network slice selection function, NSSF) (not shown in FIG. 1), responsible for determining a network slice instance, selecting the AMF network function 137, and so on.
  • the NSSF may store identification information of a slice and a trustworthiness level of the slice.
  • the NSSF may store identification information of one or more slices and a trustworthiness level of the one or more slices, where one slice corresponds to one trustworthiness level.
  • the NSSF may store identification information of a first slice and a trustworthiness level of the first slice.
  • the NSSF may further store identification information of a slice and an NF set corresponding to the slice.
  • the NSSF may store identification information of one or more slices and an NF set corresponding to the one or more slices, where for example, one slice corresponds to one NF set, or a plurality of slices correspond to one NF set.
  • the NSSF may store identification information of a first slice and identification information of a second NF set corresponding to the first slice.
  • the identification information of the slice may include a network slice selection assistance information (network slice selection assistance information, NSSAI) set, single network slice selection assistance information (single network slice selection assistance information, S-NSSAI), or the like.
  • the identification information of the first slice and the identification information of the second NF set corresponding to the first slice may also be understood as a correspondence between the first slice and the second NF set, a correspondence between the identification information of the first slice and the second NF set corresponding to the first slice, or the like. How to describe a relationship between the first slice and the second NF set is not limited in this embodiment of this application.
  • slicing in this application is simply understood as dividing a physical network of an operator into a plurality of virtual end-to-end networks.
  • the virtual networks (for example, including devices, and access, transport, and core networks in the networks) are logically independent of each other, and a fault in any virtual network does not affect another virtual network. This is not limited.
  • independent management and operation and maintenance are required for services, and customized service functions and analysis capabilities are provided.
  • Instances of different service types may be deployed on different network slices, and different instances of a same service type may also be deployed on different network slices.
  • a slice may include a group of network functions and subnets.
  • the subnet (R)AN 140, the AMF 137, the SMF 138, and the UPF 139 in FIG. 1 may form a slice.
  • in FIG. 1, only one network function of each type is schematically illustrated.
  • Many slices can be deployed in a network. All slices may have different performance to meet requirements of different applications and different vertical industries. It may be understood that the slice described in this application may also be referred to as a network slice, a network slice instance, or the like. A name of the slice is not limited in this application.
  • the network functions in the operator network shown in FIG. 1 may further include a unified data repository (unified data repository, UDR).
  • the network functions in the operator network shown in FIG. 1 may further include a domain name system (domain name system, DNS) (not shown in FIG. 1).
  • the DNS may be configured to configure (or define) internet protocol (internet protocol, IP) addressing between physical network elements, for example, IP addressing between a base station and the AMF.
  • Nnef, Nausf, Nnrf, Npcf, Nudm, Naf, Namf, Nsmf, N1, N2, N3, N4, and N6 are interface sequence numbers.
  • for the meanings of the interface sequence numbers, refer to the meanings defined in the 3GPP standard protocol.
  • the meanings of the interface sequence numbers are not limited in this application.
  • an example in which the terminal device 110 is UE is merely used for description.
  • Names of interfaces between network functions in FIG. 1 are merely examples.
  • the names of the interfaces in the system architecture may be other names. This is not limited in this application.
  • a mobility management network function in this application may be the AMF 137 shown in FIG. 1, or may be another network function having the foregoing access and mobility management function AMF 137 in a future communication system.
  • a mobility management network function in this application may be a mobility management entity (mobility management entity, MME) or the like in an LTE system.
  • the access and mobility management function AMF 137 is referred to as an AMF for short
  • the unified data management UDM 134 is referred to as a UDM for short
  • the terminal device 110 is referred to as UE.
  • all AMFs may be replaced with the mobility management network function
  • all UDMs may be replaced with the unified data management
  • all UEs may be replaced with the terminal device. It may be understood that the replacement method is also applicable to another network function that is not shown.
  • a service-based architecture and a universal interface are used for the network architecture (for example, the 5G network architecture) shown in FIG. 1.
  • a conventional network element function is split into several self-contained, self-managed, and reusable network function service modules based on a network function virtualization (network function virtualization, NFV) technology.
  • the schematic diagram of the network architecture shown in FIG. 1 may be understood as a schematic diagram of a service-based 5G network architecture in a non-roaming scenario. This application is also applicable to a roaming scenario.
  • a first NF may include an AMF (for example, a default AMF (default AMF)), an SMF, or the like.
  • a third NF includes a UDM, a UDR, a PCF, or the like.
  • a fourth NF may include a UDR.
  • a second NF may be any NF or network function.
  • a user plane function may include a UPF.
  • steps or functions performed by the first NF described in this application may be implemented by the AMF or the SMF, and steps or functions performed by the third NF may be performed by the UDM, or may be performed by the UDR.
  • the method provided in this application is not limited to the following examples.
  • the first NF may include a default AMF, and the second NF may include an AMF that the terminal device can interact with.
  • the first NF may include an SMF
  • the second NF may include a UPF.
  • the first NF may include an AMF
  • the second NF may include an SMF.
  • an NF in this application may also be understood as a network element, a node, a network device, or the like.
  • a user identifier may be transmitted in a form of a pseudonym between NFs, so that opportunities of widely spreading the user identifier between the NFs are reduced, and security of the user identifier is improved.
  • an NF with a high trustworthiness level may transmit data and/or signaling, so that an NF with a low trustworthiness level is prevented from accessing sensitive data, security of service exchange between NFs is improved, network security is improved, and deployment feasibility is high.
  • FIG. 2A and FIG. 2B are a schematic flowchart of a secure communication method according to an embodiment of this application. The method may be applied to the communication system shown in FIG. 1. As shown in FIG. 2A and FIG. 2B, the secure communication method includes the following steps.
  • a first NF sends a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device.
  • the third NF receives the first request message.
  • the first user identifier may include a SUPI
  • the first pseudonym information may be used to indicate a pseudonym (anonymous) of the first user identifier; or the first pseudonym information may be used to indicate processed identification information that is different from the first user identifier.
  • the first pseudonym information may be obtained after the first user identifier is pseudonymized.
  • the first pseudonym information may include a subscription concealed identifier (subscription concealed identifier, SUCI), or the first pseudonym information may include a pseudonym identifier, for example, a SUPI*, generated based on a SUPI.
  • “pseudonym information” described in this embodiment of this application may alternatively be replaced with “replacement information”, “user pseudonym information”, “anonymous information”, a “pseudonym”, or the like.
  • a name of the pseudonym information is not limited in this embodiment of this application.
  • the first user identifier including the SUPI in this embodiment of this application is merely an example.
  • the first user identifier may alternatively be another identifier or the like of the terminal device. This is not limited in this embodiment of this application.
  • the third NF determines a trustworthiness attribute of the first user identifier.
  • the trustworthiness attribute of the first user identifier may be used to indicate whether the first user identifier needs to be pseudonymized, for example, whether the third NF needs to pseudonymize the first user identifier; or the trustworthiness attribute of the first user identifier may be used to indicate whether the first user identifier needs to be protected.
  • because the terminal device may interact with a core device and/or an access device by using the first user identifier, that the third NF determines a trustworthiness attribute of the first user identifier may also be understood as that the third NF determines a trustworthiness attribute of the terminal device.
  • the terminal device is a device that uses the first user identifier. This understanding manner is also applicable to another embodiment.
  • the third NF may determine the trustworthiness attribute of the first user identifier based on a subscription level of the first user identifier.
  • the subscription level of the first user identifier may be included in subscription data of the first user identifier.
  • the subscription level may be used to distinguish between different types of users.
  • the subscription level of the first user identifier may indicate a VIP or a common user.
  • the subscription level of the first user identifier may indicate a user having a high privacy requirement or a user having a low privacy requirement. It may be understood that the foregoing subscription levels are merely examples. During actual application, there may be more distinguishing methods and the like. A specific classification manner of the subscription level is not limited in this embodiment of this application.
  • the third NF may determine the trustworthiness attribute of the first user identifier based on a session attribute of the first user identifier.
  • the session attribute may be used to distinguish between different sessions conducted by using the first user identifier.
  • the session attribute of the first user identifier may be an audio/video attribute.
  • the session attribute of the first user identifier may be a video conference or a voice call.
  • the session attribute of the first user identifier may indicate a session that has a high requirement on data communication security.
  • a specific classification manner of the session attribute is not limited in this embodiment of this application.
  • the third NF determines the trustworthiness attribute of the first user identifier based on an industry requirement of the first user identifier.
  • whether the data and/or the signaling need/needs to be protected may be determined based on different industries.
  • security of the data and/or the signaling may be determined based on the different industries.
  • protection is required for the R&D industry or the financial industry. Therefore, when data and/or signaling of the industry is involved, the data and/or the signaling may be protected.
  • the industry requirement may alternatively be that data and/or signaling in a target area (or a target security domain) need/needs to be protected. For example, in a campus, the data and/or the signaling may be protected; and in other campuses, whether to protect the data and/or the signaling may not be limited. Specific classification of the industry requirement is not limited in this embodiment of this application.
  • the third NF may alternatively determine the trustworthiness attribute of the first user identifier based on a trustworthiness attribute of a slice to which the first user identifier belongs.
  • the third NF may store the first user identifier, a slice identifier corresponding to the first user identifier, and a trustworthiness level corresponding to the slice identifier, so that the third NF may determine the trustworthiness attribute of the first user identifier based on the trustworthiness level corresponding to the slice identifier.
  • the third NF sends a first response message to the first NF, where the first response message carries second pseudonym information of the first user identifier.
  • the first NF receives the first response message.
  • the preset condition may include a user level condition, an identity privacy protection condition, an industry data security protection condition, or the like.
  • the preset condition may be used to distinguish between trustworthiness attributes of different levels. Therefore, a specific distinguishing manner of the preset condition is not limited in this embodiment of this application.
  • the preset condition may be determined based on a manner of determining the trustworthiness attribute. For example, if the trustworthiness attribute of the first user identifier is determined based on the subscription level of the first user identifier, the preset condition may be that the subscription level indicates a VIP or a user having a high privacy requirement.
  • the preset condition may be a session having a high requirement on data communication security, for example, a video conference.
  • the trustworthiness attribute of the first user identifier is determined based on the industry requirement of the first user identifier
  • the preset condition may be a user with high industry data security. It may be understood that specific content of the preset condition is not limited in this embodiment of this application.
  • the second pseudonym information may be used to indicate a pseudonym (anonymous) of the first user identifier; or the second pseudonym information may be used to indicate processed identification information that is different from the first user identifier. If the trustworthiness attribute of the first user identifier meets the preset condition, when different network elements or network functions interact with each other, the first user identifier may be pseudonymized, to ensure security of the first user identifier. In other words, if the trustworthiness attribute of the first user identifier meets the preset condition, the first user identifier may be exchanged in a form of the second pseudonym information between the different network elements or network functions.
  • the second pseudonym information may include a SUPI*.
  • the second pseudonym information may include a new SUPI*.
  • the second pseudonym information may include the SUPI*. Whether a SUPI* carried in the first response message is the same as a SUPI* carried in the first request message is not limited in this embodiment of this application. This description is also applicable to another embodiment of this application.
  • the third NF sends a first response message to the first NF, where the first response message carries the first user identifier.
  • the first NF receives the first response message.
  • the trustworthiness attribute of the first user identifier indicates that the first user identifier is a common user, or the trustworthiness attribute of the first user identifier indicates that a requirement of a session conducted by using the first user identifier is low
  • the first user identifier may not be pseudonymized when the first user identifier is exchanged between network elements or network functions. It may be understood that, in this embodiment of this application, whether to pseudonymize the first user identifier when the trustworthiness attribute of the first user identifier does not meet the preset condition is not limited.
  • that the third NF sends a first response message to the first NF includes: If a trustworthiness level of the first NF matches a preset level, the third NF sends the first response message to the first NF.
  • the preset level is used to measure trustworthiness levels of different NFs, and specific content of the preset level is not limited.
  • the trustworthiness levels include a strong trustworthiness level, a weak trustworthiness level, and an untrustworthiness level
  • the preset level may be the weak trustworthiness level or the untrustworthiness level.
  • the trustworthiness levels include a high trustworthiness level, a low trustworthiness level, and an untrustworthiness level
  • the preset level may be the low trustworthiness level or the untrustworthiness level.
  • the third NF may send pseudonym information (that is, the second pseudonym information) of the first user identifier to the first NF.
  • the preset level may change with the classification manner of the trustworthiness level, and so on.
  • the third NF sends, to the first NF, a response message carrying the first user identifier.
  • the third NF can trust the first NF, and therefore may send a real user identifier such as the first user identifier to the first NF.
  • the third NF may send the second pseudonym information of the first user identifier to the first NF with a low trustworthiness level.
  • the third NF may send the first user identifier to the first NF.
  • that the third NF sends a first response message to the first NF includes: If a trustworthiness level of a security domain to which the first NF belongs matches a preset level, the third NF sends the first response message to the first NF.
  • trustworthiness levels of different NFs may be distinguished, and trustworthiness levels of different security domains may also be distinguished.
  • a first security domain, a second security domain, and the like may be distinguished, and a trustworthiness level of the first security domain is different from a trustworthiness level of the second security domain. If the first NF is located in the first security domain, and the first security domain has a weak trustworthiness level, it indicates that the security domain in which the first NF is located cannot be fully trusted. Therefore, the third NF may send the second pseudonym information of the first user identifier to the first NF.
  • the third NF may send a real user identifier such as the first user identifier to the first NF.
  • a third security domain and the like may be further included. Trustworthiness levels of the first security domain, the second security domain, and the third security domain are different. How to specifically classify the security domain is not limited in this embodiment of this application. How to specifically classify the trustworthiness level corresponding to each security domain is not limited either.
  • the method shown in FIG. 2A and FIG. 2B may further include the following step:
  • the third NF may obtain the first user identifier based on the first pseudonym information, and generate the second pseudonym information based on the first user identifier.
  • the third NF may obtain a SUPI based on the SUCI, and then generate new second pseudonym information such as a new SUPI* based on the SUPI.
  • the third NF may obtain a SUPI based on a correspondence between the SUPI* and the SUPI, and then generate new second pseudonym information such as a new SUPI* based on the SUPI.
  • the first response message may further carry the SUPI*, in other words, the third NF may further continue to use the existing SUPI*.
  • the third NF may determine, according to a local policy, whether to continue to use the existing SUPI* or use the new SUPI*.
  • the local policy may be, for example, that the SUPI* has a specific validity period. Within the validity period of the SUPI*, the third NF may continue to use the SUPI*. Beyond the validity period of the SUPI*, the third NF may use the new SUPI*. It may be understood that a specific manner of the local policy is not limited in this embodiment of this application. It may be understood that the descriptions of the SUPI* and the new SUPI* are also applicable to the following embodiments.
  • the SUPI* is merely a shown pseudonym form, and the pseudonym information of the first user identifier may be in another form or the like. This is not limited in this embodiment of this application.
  • the random number may be a random number in an authentication vector.
  • a parameter for generating the SUPI* may further include a key Kausf in the authentication vector or Kausf derived based on the authentication vector, where Kausf is shared between UE, a home network AUSF/UDM, and the like.
  • the third NF stores a correspondence between the first pseudonym information and the first user identifier, and the third NF may further store a correspondence between the second pseudonym information and the first user identifier.
  • the third NF stores the correspondence, so that when the first NF or another NF sends the pseudonym information of the first user identifier to the third NF, the third NF can obtain the first user identifier based on the correspondence.
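A model of the third NF's handling of the first request message described above (resolve the first pseudonym information to the SUPI, determine the trustworthiness attribute, check the trustworthiness level of the first NF or its security domain, return either a SUPI* or the real identifier, and keep the SUPI* correspondences under a validity-period policy), as an added example in Python, not code from the patent. The class and field names, the "suci-" stand-in for SUCI de-concealment, HMAC-SHA256 as KDF1, the sample subscription data and the rule for combining the two checks are assumptions.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from enum import Enum


class TrustLevel(Enum):
    """Trustworthiness level of an NF or of the security domain it belongs to."""
    STRONG = "strong"
    WEAK = "weak"
    UNTRUSTED = "untrusted"


# Preset level: a requester at one of these levels only receives pseudonym information.
PRESET_LEVELS = {TrustLevel.WEAK, TrustLevel.UNTRUSTED}


@dataclass
class Subscription:
    """Constructed subscription data of one first user identifier (SUPI)."""
    supi: str
    subscription_level: str        # "vip" or "common"
    session_attribute: str         # e.g. "video_conference" or "voice_call"
    slice_trust_level: TrustLevel  # trustworthiness level of the slice the SUPI belongs to


@dataclass
class ThirdNF:
    """Third NF (e.g. a UDM): subscription data plus the SUPI* <-> SUPI correspondences."""
    subscriptions: dict
    kausf: bytes                   # assumed key from the authentication vector, used by KDF1
    supi_star_ttl: float = 3600.0  # local policy: validity period of a SUPI*, in seconds
    pseudonyms: dict = field(default_factory=dict)  # SUPI* -> (SUPI, creation time)

    def resolve(self, first_pseudonym: str) -> str:
        """Recover the SUPI from the first pseudonym information (a SUCI or a SUPI*)."""
        if first_pseudonym.startswith("suci-"):
            # Constructed stand-in for SUCI de-concealment: in this toy format the
            # SUPI simply follows the prefix.
            return first_pseudonym[len("suci-"):]
        supi, _created = self.pseudonyms[first_pseudonym]   # stored correspondence
        return supi

    def needs_pseudonym(self, supi: str) -> bool:
        """Trustworthiness attribute of the SUPI: True when the preset condition is met
        (VIP subscriber, security-sensitive session, or a slice that is not strongly trusted)."""
        sub = self.subscriptions[supi]
        return (sub.subscription_level == "vip"
                or sub.session_attribute == "video_conference"
                or sub.slice_trust_level is not TrustLevel.STRONG)

    def new_supi_star(self, supi: str, rand: bytes) -> str:
        """KDF1: derive a new SUPI* from the SUPI, RAND and Kausf with HMAC-SHA256,
        and store the SUPI* -> SUPI correspondence."""
        mac = hmac.new(self.kausf, supi.encode() + rand, hashlib.sha256).hexdigest()
        supi_star = "supi*-" + mac[:16]
        self.pseudonyms[supi_star] = (supi, time.time())
        return supi_star

    def current_supi_star(self, first_pseudonym: str, supi: str, rand: bytes) -> str:
        """Local policy: keep using an existing SUPI* inside its validity period,
        otherwise generate a new one."""
        entry = self.pseudonyms.get(first_pseudonym)
        if entry is not None and time.time() - entry[1] < self.supi_star_ttl:
            return first_pseudonym
        return self.new_supi_star(supi, rand)

    def handle_first_request(self, first_pseudonym: str, requester_level: TrustLevel,
                             rand: bytes) -> dict:
        """Build the first response message for a first NF of the given trustworthiness level.

        Assumption (the patent leaves the combination open): the real identifier is
        disclosed only when neither check calls for protection, i.e. the SUPI does not
        meet the preset condition AND the requester is not at a preset level."""
        supi = self.resolve(first_pseudonym)
        if self.needs_pseudonym(supi) or requester_level in PRESET_LEVELS:
            return {"pseudonym": self.current_supi_star(first_pseudonym, supi, rand)}
        return {"supi": supi}
```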
  • the method shown in FIG. 2A and FIG. 2B may further include the following step:
  • the fourth NF may store the correspondence between the first user identifier and the pseudonym information of the first user identifier. Therefore, the third NF sends the second request message to the fourth NF, so that the fourth NF can generate the second pseudonym information in response to the second request message.
  • the fourth NF may obtain a SUPI based on the SUCI, and then generate new second pseudonym information such as a new SUPI* based on the SUPI.
  • the fourth NF may obtain a SUPI based on a correspondence between the SUPI* and the SUPI, and then generate new second pseudonym information such as a new SUPI* based on the SUPI.
  • the fourth NF may further continue to use an existing SUPI* according to a local policy. It may be understood that for a method for generating the new second pseudonym information such as the new SUPI* by the fourth NF based on the first user identifier such as the SUPI, refer to the generation method of the third NF. Details are not described herein again.
  • the fourth NF sends the second pseudonym information to the third NF.
  • the third NF receives the second pseudonym information.
  • the fourth NF may further send the correspondence between the first pseudonym information and the first user identifier to the third NF. Therefore, after receiving the correspondence, the third NF may obtain the first user identifier based on the correspondence, and further generate the second pseudonym information based on the first user identifier.
  • a UDM may store the correspondence between the first user identifier and the first pseudonym information, and/or the correspondence between the first user identifier and the second pseudonym information.
  • a UDR may store the correspondence between the first user identifier and the first pseudonym information, and/or the correspondence between the first user identifier and the second pseudonym information.
  • the third NF may perform step 2031 or perform step 2032 to step 2034 based on different NFs that store the correspondence.
  • the first response message carries the second pseudonym information.
  • the first response message may further carry other information. Based on different other information carried in the first response message, this embodiment of this application further provides several methods.
  • the first response message may further carry a root key Kamf.
  • the another parameter is not limited in this embodiment of this application.
  • the KDF algorithm herein may be a key derivation algorithm or the like defined in a 3GPP standard, for example, an HMAC-SHA256 algorithm.
  • the KDF algorithm is not limited in this embodiment of this application.
  • the another parameter 2 is not limited in this embodiment of this application.
  • a key derivation algorithm KDF1 used by the third NF (or the fourth NF) to generate the SUPI* based on the SUPI and the key derivation algorithm KDF2 used by the third NF to generate the root key Kamf based on the SUPI* need to meet the following condition:
  • the KDF2 may be the same as or different from the KDF1. This is not limited in this embodiment of this application. It may be understood that the foregoing root key generation method is merely an example, and should not be understood as a limitation on this embodiment of this application.
  • the method shown in FIG. 2A and FIG. 2B may further include: If the first response message further carries the root key Kamf, the first NF may further generate a user plane key or the like based on the root key.
  • a method for applying the root key by the first NF is not limited in this embodiment of this application.
  • the first response message may further carry third indication information, and the third indication information is used to instruct the first NF to generate a root key based on the second pseudonym information.
  • a specific indication form of the third indication information is not limited in this embodiment of this application.
  • 1-bit information may be used to indicate that the first response message carries the third indication information.
  • "1" may indicate that the first response message carries the third indication information.
  • 2-bit information may alternatively be used to indicate whether the first response message carries indication information and whether the carried indication information is the third indication information. It may be understood that the foregoing is merely an example, and this is not limited in this application.
  • the method shown in FIG. 2A and FIG. 2B may further include: If the first response message further carries the third indication information, the first NF generates the root key Kamf based on the second pseudonym information.
  • Kamf = KDF2(SUPI*, another parameter 2).
  • the another parameter 2 is not limited in this embodiment of this application.
  • a key derivation algorithm KDF1 used by the third NF (or the fourth NF) to generate the SUPI* based on the SUPI and the key derivation algorithm KDF2 used by the first NF to generate the root key Kamf based on the SUPI* need to meet the following condition:
  • the KDF algorithm herein is a key derivation algorithm defined in a 3GPP standard, for example, an HMAC-SHA256 algorithm.
  • the KDF2 may be the same as or different from the KDF1. This is not limited in this embodiment of this application.
  • the first NF may further generate a user plane key or the like based on the root key.
  • a method for applying the root key by the first NF is not limited in this embodiment of this application.
  • the method shown in FIG. 2A and FIG. 2B may further include: After receiving the first response message, the first NF generates the root key Kamf based on the second pseudonym information.
  • Kamf = KDF2(SUPI*, another parameter 2).
  • the another parameter 2 is not limited in this embodiment of this application.
  • a key derivation algorithm KDF1 used by the third NF (or the fourth NF) to generate the SUPI* based on the SUPI and the key derivation algorithm KDF2 used by the first NF to generate the root key Kamf based on the SUPI* need to meet the following condition:
  • the KDF algorithm herein is a key derivation algorithm defined in a 3GPP standard, for example, an HMAC-SHA256 algorithm.
  • the KDF2 may be the same as or different from the KDF1. This is not limited in this embodiment of this application.
  • the first NF may further generate a user plane key or the like based on the root key.
  • a method for applying the root key by the first NF is not limited in this embodiment of this application.
  • the foregoing method 1 to method 3 have no impact on the UE, in other words, the UE may remain unchanged.
  • Kamf = KDF(SUPI, another parameter 1).
  • the UE herein can remain unchanged with respect to a method 4.
  • the UE further needs to receive first indication information, second indication information, and/or the like. Therefore, that the UE remains unchanged in this embodiment of this application should not be understood as a limitation on this embodiment of this application.
  • the first response message further carries first indication information and/or second indication information, where the first indication information is used to instruct that the second pseudonym information be generated, and the second indication information is used to instruct that a user plane key be generated.
  • Specific indication forms of the first indication information and the second indication information are not limited in this embodiment of this application.
  • 1-bit information may be used to indicate whether the first response message carries the first indication information or the second indication information.
  • “ 1" may indicate that the first response message carries the first indication information
  • "0" may indicate that the first response message carries the second indication information.
  • 2-bit information may alternatively be used to indicate whether the first response message carries indication information, and whether the carried indication information is the first indication information or the second indication information. It may be understood that the foregoing is merely an example, and this is not limited in this application.
  • the method shown in FIG. 2A and FIG. 2B may further include the following steps.
  • if the first response message includes the first indication information, the first NF generates a root key based on the second pseudonym information.
  • the first NF may further generate the user plane key or the like based on the root key.
  • a method for applying the root key by the first NF is not limited in this embodiment of this application.
  • Kamf = KDF(SUPI*, another parameter).
  • the another parameter is not limited in this embodiment of this application.
  • the first NF sends the first indication information to the terminal device.
  • the terminal device receives the first indication information.
  • FIG. 3a is a schematic flowchart of a secure communication method according to an embodiment of this application. The method may be applied to the terminal device. As shown in FIG. 3a, the method includes the following steps.
  • the terminal device receives the first indication information sent by the first NF (an AMF), where the first indication information is used to instruct the terminal device to generate the second pseudonym information.
  • the first indication information may be further used to indicate the terminal device to generate the root key.
  • the terminal device generates the second pseudonym information based on the first user identifier.
  • the terminal device generates the root key based on the second pseudonym information.
  • the terminal device generates an access stratum key and/or a non-access stratum key based on the root key, where the access stratum key is used to protect data and/or signaling between the terminal device and an access device, and the non-access stratum key is used to protect data and/or signaling between the terminal device and the first NF.
  • For a method for generating the second pseudonym information by the terminal device based on the first user identifier and a method for generating the root key by the terminal device, refer to the method for generating the second pseudonym information by the third NF and the method for generating the root key by the third NF. Details are not described herein again.
  • a method for generating the access stratum key by the terminal device is not limited in this embodiment of this application.
  • the access stratum key = KDF(Kamf, another parameter).
  • the access stratum key and/or the non-access stratum key are/is generated based on the second pseudonym information, so that a security level of the data and/or the signaling can be effectively improved, and transmission of the data and/or the signaling can be protected.
  • the method shown in FIG. 2A and FIG. 2B may further include the following steps.
  • If the first response message includes the second indication information, the first NF generates the user plane key based on the second pseudonym information.
  • a method for generating the user plane key by the terminal device is not limited in this embodiment of this application.
  • the first NF sends the second indication information to the terminal device.
  • the terminal device receives the second indication information.
  • the first NF sends the user plane key to a user plane function.
  • the user plane function receives the user plane key.
  • step 2062 and step 2072 are not limited in this embodiment of this application.
  • FIG. 3b is a schematic flowchart of a secure communication method according to an embodiment of this application. The method may be applied to the terminal device. As shown in FIG. 3b , the method includes the following steps:
  • the terminal device may protect the data by using the user plane key. This prevents the data from, for example, being tampered with or intercepted by another network element or network function, and ensures security of the data.
  • the terminal device may be understood as a device that uses the first user identifier.
  • the first user identifier such as a SUPI may be a user identifier, a number, or the like stored in a terminal device SIM card.
  • the first user identifier is used as an example.
  • a second user identifier, a third user identifier, and the like may be further included.
  • the second user identifier or the third user identifier may also be applied to the methods shown in FIG. 2A and FIG. 2B , FIG. 3a, and FIG. 3b .
  • the third NF may determine, based on the trustworthiness attribute of the first user identifier, whether to pseudonymize the first user identifier, so that when the trustworthiness attribute of the first user identifier meets the preset condition, the third NF sends the pseudonymized first user identifier, that is, the second pseudonym information, to the first NF.
  • the first user identifier exists in a form of a pseudonym between different NFs, so that the first user identifier is prevented from, for example, being tampered with or intercepted by an insecure or untrustworthy network element or network function, the first user identifier is effectively protected, and security of the first user identifier is improved.
  • FIG. 4A and FIG. 4B are a schematic diagram of a scenario of the secure communication method according to an embodiment of this application.
  • the method may be applied to the network architecture shown in FIG. 1 . It may be understood that the method is described by using a terminal device as UE, a first NF as an AMF, and a third NF as a UDM.
  • a network function such as an AUSF and a user plane function such as a UPF are further used in the method.
  • a first user identifier includes a SUPI.
  • subscription data of one or more user identifiers is prestored in the UDM, and the subscription data includes a subscription level. In other words, a subscription level of the one or more user identifiers is preconfigured in the UDM.
  • the secure communication method includes the following steps.
  • the UE sends a registration request message to the AMF, where the registration request message carries a SUCI or a 5G global user temporary identity (5G global user temporary identity, 5G GUTI).
  • the AMF receives the registration request message.
  • the registration request message may carry the SUCI.
  • the registration request message may carry the GUTI.
  • For ease of description, the case in which the UE sends the registration request message to the AMF for the first time may be referred to as initial registration for short, and the case in which the UE sends the registration request message to the AMF not for the first time may be referred to as non-initial registration for short.
  • the AMF sends an authentication request message to the AUSF, where the authentication request message carries the SUCI or a SUPI*.
  • the AUSF receives the authentication request message.
  • the authentication request message may carry the SUCI.
  • the authentication request message may carry the SUPI*.
  • the authentication request message may further carry an identifier (identification, ID) of a serving network.
  • the ID of the serving network may be an ID of a network in which the AMF is located.
  • the AUSF sends the authentication request message to the UDM.
  • the UDM receives the authentication request message.
  • the UDM pseudonymizes a SUPI based on a trustworthiness attribute of the SUPI to obtain a new pseudonymized user identifier, for example, the SUPI*.
  • the UDM sends an authentication response message to the AUSF, where the authentication response message carries the new pseudonymized user identifier, for example, the SUPI*.
  • the AUSF receives the authentication response message.
  • the UDM may obtain the SUPI based on the SUCI, and then generate a new SUPI* based on the SUPI. For example, if the authentication request message carries the SUPI*, the UDM may obtain the SUPI based on a previously stored correspondence (SUPI, SUPI*), and then generate a new SUPI* based on the SUPI. Optionally, the UDM may further continue to use an existing SUPI* (for example, the SUPI* carried in the authentication request message) according to a local policy.
  • the authentication response message may further carry first indication information and/or second indication information.
  • the first indication information may also be understood as pseudonymization protection indication information
  • the second indication information may be understood as terminal-to-core network protection indication information.
  • the UDM may perform the following processing based on a trustworthiness attribute in the subscription (for example, the trustworthiness attribute of a subscribed SUPI):
  • the UDM may determine that the SUPI requires pseudonymization protection. For another example, if the trustworthiness attribute in the subscription meets an industry data security protection requirement, the UDM determines that the SUPI requires pseudonymization protection. For another example, if the trustworthiness attribute in the subscription indicates that the SUPI indicates a common user, the UDM may perform processing according to a normal procedure. For the normal procedure, refer to a related standard or protocol. For example, the UDM may not pseudonymize the SUPI. For another example, if the trustworthiness attribute in the subscription indicates that the SUPI indicates a VIP, the UDM determines that the SUPI requires pseudonymization protection.
  • the UDM may further send the authentication request message to the UDR, and the UDR pseudonymizes the SUPI based on the trustworthiness attribute of the SUPI to obtain the new SUPI*. Therefore, the UDR sends the authentication response message to the UDM, where the authentication response message carries the new SUPI*.
  • the UDR may directly pseudonymize the SUPI to obtain the new SUPI*. Therefore, the UDR sends the authentication response message to the UDM, where the authentication response message carries the new SUPI*.
  • the authentication response message sent by the UDR to the UDM may further carry a correspondence between the new SUPI* and the SUPI. In this case, both the UDM and UDR can obtain a real user identifier such as the SUPI.
  • a manner in which the UDR obtains the SUPI* may be described as follows: For example, if the authentication request message carries the SUCI, the UDR may obtain the SUPI based on the SUCI, and then generate the new SUPI* based on the SUPI. Optionally, if the authentication request message carries the SUPI*, the UDR may obtain the SUPI based on the previously stored correspondence (SUPI, SUPI*), and then generate the new SUPI* based on the SUPI. Optionally, the UDR may further continue to use the existing SUPI* (for example, the SUPI* carried in the authentication request message) according to the local policy.
  • the AUSF continues to perform an authentication procedure on the UE through the AMF.
  • For step 406, refer to a related standard or protocol, or the like. This is not limited in this embodiment of this application.
  • the AUSF confirms an authentication success.
  • the AUSF sends an authentication response message to the AMF, where the authentication response message carries the new SUPI*.
  • the AMF receives the authentication response message.
  • the authentication response message may further carry an anchor key.
  • the authentication response message may further carry first indication information and/or second indication information.
  • integrity protection may be further performed on the first indication information and/or the second indication information by using a shared key, to prevent the first indication information and/or the second indication information from, for example, being maliciously tampered with.
  • the shared key may be understood as a shared key between the UE and the AUSF in an authentication process.
  • integrity protection may be performed on the first indication information and/or the second indication information based on a message authentication code (message authentication code, MAC) value.
  • the AMF generates a root key (Kamf) based on the new SUPI* and the anchor key.
  • the AMF generates a user plane key based on the root key.
  • the user plane key may also be referred to as a terminal-to-core network protection key.
  • the terminal-to-core network protection key may include a terminal-to-core network encryption key and a terminal-to-core network integrity protection key.
  • When the UDM generates the new SUPI*, the UDM may further generate the root key based on the new SUPI*. Therefore, the authentication response message may further carry the root key, so that the AMF can obtain the root key when receiving the authentication response message.
  • the AUSF may further generate the root key based on the new SUPI*.
  • the AMF sends the first indication information and/or the second indication information to the UE.
  • the UE generates the new SUPI* based on the SUPI.
  • the UE may further generate the anchor key by using a method the same as that of the AUSF.
  • the UE may perform integrity protection check on the first indication information by using the shared key between the UE and the AUSF, and then the UE generates the new SUPI*.
  • a method for generating the new SUPI* by the UE may be the same as a method for generating the new SUPI* by the UDM.
  • the UE may further generate the root key Kamf based on the new SUPI*.
  • the UE may further generate the user plane key based on the root key.
  • the first indication information and/or the second indication information described above may be further included in a tenth message.
  • a manner of sending the first indication information and/or the second indication information by the AMF is not limited in this embodiment of this application.
  • the AMF sends a registration response message to the UE.
  • the UE receives the registration response message.
  • the registration response message may include a registration accept message.
  • the AMF sends the terminal-to-core network protection key to the UPF through the SMF.
  • encryption or integrity protection may be performed on the data by using the terminal-to-core network protection key. Therefore, the data is prevented from being learned of by a weakly trustworthy or untrustworthy NF, and transmission security of the data is improved.
  • the root key Kamf is generated by the AMF based on the new SUPI* carried in the authentication response message.
  • the UE generates the new SUPI* by using the method the same as that of the UDM, and then generates the root key Kamf based on the new SUPI*.
  • the UDM may further generate the root key Kamf based on the new SUPI*.
  • the authentication response message may include the new SUPI* and the root key Kamf. Therefore, the AMF may directly receive the root key Kamf.
  • the UE may also generate the new SUPI* by using the method the same as that of the UDM, and then generate the root key Kamf based on the new SUPI*.
  • the UDM may generate the new SUPI* by using a security algorithm f1.
  • the authentication response message includes the new SUPI*, and the AMF generates the root key Kamf by using a security algorithm f2 and the new SUPI*. It is ensured, by using the security algorithms f1 and f2, that the root key Kamf generated by the UE based on the new SUPI* is equal to the root key Kamf generated by the AMF.
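  • The derivation chain described for FIG. 2A and FIG. 2B, FIG. 3a and FIG. 4A and FIG. 4B (the UDM deriving SUPI* with f1, the AMF and the UE deriving Kamf with f2 from SUPI* and the anchor key, the access stratum, non-access stratum and terminal-to-core network protection keys derived from Kamf, and the MAC-protected indication information), as an added Python example written for this page rather than code from the patent or from 3GPP. The patent fixes neither f1, f2 nor the KDF, so HMAC-SHA256 stands in for all of them; the UE/UDM long-term key, the pseudonymization counter, the 2-bit layout of the indication information, the label strings and every key value are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample inputs (labels, not values from the patent).
SUPI = "imsi-001010123456789"            # the real user identifier held by UE and UDM
K_LONG_TERM = bytes.fromhex("0f" * 32)   # assumption: key shared by UE and UDM, input to f1
ANCHOR_KEY = bytes.fromhex("a5" * 32)    # anchor key; AUSF and UE derive the same value
SHARED_KEY = bytes.fromhex("3c" * 32)    # UE/AUSF shared key used to MAC the indication bits


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """HMAC-SHA256 KDF over a label and length-prefixed parameters.
    Assumption: the patent leaves the KDF open, so one generic KDF plays f1 and f2."""
    msg = label
    for p in params:
        msg += len(p).to_bytes(2, "big") + p
    return hmac.new(key, msg, hashlib.sha256).digest()


def f1_pseudonymize(supi: str, counter: int) -> str:
    """Security algorithm f1: SUPI -> SUPI*. UDM and UE run it with the same
    long-term key and counter, so both obtain the same pseudonym."""
    tag = kdf(K_LONG_TERM, b"SUPI*", supi.encode(), counter.to_bytes(4, "big"))
    return "supi-star-" + tag[:8].hex()


def f2_root_key(supi_star: str, anchor_key: bytes) -> bytes:
    """Security algorithm f2: Kamf = KDF(SUPI*, another parameter), the anchor key here."""
    return kdf(anchor_key, b"Kamf", supi_star.encode())


def as_nas_keys(kamf: bytes) -> dict:
    """Access stratum and non-access stratum keys: KDF(Kamf, another parameter)."""
    return {"K_AS": kdf(kamf, b"AS"), "K_NAS": kdf(kamf, b"NAS")}


def user_plane_keys(kamf: bytes) -> dict:
    """Terminal-to-core network protection key: an encryption and an integrity key
    derived from the root key (the AMF forwards these to the UPF through the SMF)."""
    return {"K_UP_enc": kdf(kamf, b"UP-enc"), "K_UP_int": kdf(kamf, b"UP-int")}


def encode_indication(first: bool, second: bool) -> int:
    """2-bit indication information. Assumed layout: bit 0 = first indication
    (pseudonymization protection), bit 1 = second indication (terminal-to-core
    network protection); 0 means no indication information is carried."""
    return (1 if first else 0) | (2 if second else 0)


def decode_indication(bits: int) -> tuple:
    return bool(bits & 1), bool(bits & 2)


def protect_indication(bits: int, shared_key: bytes) -> bytes:
    """Integrity protection of the indication information with a MAC under the
    UE/AUSF shared key, so an NF on the path cannot silently alter it."""
    return hmac.new(shared_key, bytes([bits]), hashlib.sha256).digest()


def verify_indication(bits: int, mac: bytes, shared_key: bytes) -> bool:
    return hmac.compare_digest(protect_indication(bits, shared_key), mac)


def run_procedure(counter: int = 1) -> dict:
    """Walk the FIG. 4A/4B flow: UDM pseudonymizes, AMF derives keys from SUPI*,
    UE checks the indication MAC and rebuilds the same SUPI* and keys."""
    # UDM: new SUPI* plus both indications, MACed with the UE/AUSF shared key.
    udm_supi_star = f1_pseudonymize(SUPI, counter)
    bits = encode_indication(first=True, second=True)
    mac = protect_indication(bits, SHARED_KEY)
    # AMF: only ever sees SUPI*, derives Kamf and the user plane keys from it.
    amf_kamf = f2_root_key(udm_supi_star, ANCHOR_KEY)
    amf_up = user_plane_keys(amf_kamf)
    # UE: verify the indication, then regenerate SUPI* and the key hierarchy.
    if not verify_indication(bits, mac, SHARED_KEY):
        raise ValueError("indication information failed integrity check")
    want_pseudonym, want_up_key = decode_indication(bits)
    ue_supi_star = f1_pseudonymize(SUPI, counter) if want_pseudonym else SUPI
    ue_kamf = f2_root_key(ue_supi_star, ANCHOR_KEY)
    ue_up = user_plane_keys(ue_kamf) if want_up_key else None
    return {
        "supi_star": udm_supi_star,
        "supi_exposed_to_amf": udm_supi_star == SUPI,
        "kamf_equal": hmac.compare_digest(amf_kamf, ue_kamf),
        "up_keys_equal": ue_up == amf_up,
        "as_nas": as_nas_keys(ue_kamf),
    }


if __name__ == "__main__":
    print(run_procedure())
```

  • Running run_procedure() shows the two properties the text relies on: the AMF and the UE arrive at the same Kamf although the AMF never holds the SUPI, and a change of the pseudonymization counter yields a fresh SUPI* and therefore a fresh key hierarchy. A tampered indication byte fails verify_indication before any key is derived, which is the point of MAC-protecting the indication information with the UE/AUSF shared key.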
  • the first request message in FIG. 2A and FIG. 2B may be understood as the authentication request message in FIG. 4A and FIG. 4B .
  • the first response message in FIG. 2A and FIG. 2B may be understood as the authentication response message in FIG. 4A and FIG. 4B .
  • the first indication information in FIG. 2A and FIG. 2B may be understood as the pseudonymization protection indication information in FIG. 4A and FIG. 4B .
  • the second indication information in FIG. 2A and FIG. 2B may be understood as the terminal-to-core network protection indication information in FIG. 4A and FIG. 4B .
  • the user plane key shown in FIG. 2A and FIG. 2B may be understood as the terminal-to-core network protection key in FIG. 4A and FIG. 4B .
  • the SUPI is prevented from, for example, being tampered with or intercepted by an insecure or untrustworthy network element or network function, the SUPI is effectively protected, and security of the SUPI is improved.
  • the authentication response message includes the terminal-to-core network protection indication information, to improve security of data exchange between the UE and the UPF.
  • whether to pseudonymize the user identifier is determined based on whether a trustworthiness attribute of the user identifier meets a preset condition.
  • An embodiment of this application further provides a secure communication method.
  • a related network element or network function may be determined based on a trustworthiness level, to provide a service for a terminal device by using the related network element or network function.
  • FIG. 5 is a schematic flowchart of a secure communication method according to an embodiment of this application. The method may be applied to the network architecture shown in FIG. 1 . As shown in FIG. 5 , the secure communication method includes the following steps.
  • a first network function (network function, NF) sends a third request message to an NRF, where the third request message carries a trustworthiness level.
  • the NRF receives the third request message.
  • the first NF may also be understood as a consumer (consumer NF).
  • the trustworthiness level may be used to indicate a trustworthiness degree of a network element or a network function.
  • a trustworthiness degree of an NF varies with a trustworthiness level.
  • the trustworthiness level may be in direct proportion to the trustworthiness degree.
  • the trustworthiness level may be classified into strong trustworthiness, weak trustworthiness, or untrustworthiness.
  • the trustworthiness level may be classified into a level 1, a level 2, or a level 3. A higher level indicates a higher trustworthiness degree.
  • a specific classification manner of the trustworthiness level is not limited in this embodiment of this application.
  • the trustworthiness level described above may be a trustworthiness level of an NF.
  • the trustworthiness level described above may be a trustworthiness level or the like of a slice. Based on different trustworthiness levels, embodiments of this application provide several different methods, as shown in FIG. 6a to FIG. 6c respectively.
  • the third request message may be a message for requesting to query for an NF that can be accessed by a terminal device.
  • the NF that can be accessed by the terminal device may include an AMF, an SMF, a UPF, or the like.
  • the NRF may determine a second NF based on the trustworthiness level.
  • the second NF may also be understood as a producer (producer NF), or may also be understood as a target NF (target NF), or the like.
  • the second NF may represent one NF, or the second NF may represent a plurality of NFs.
  • the second NF may be one or more NFs corresponding to the trustworthiness level.
  • the second NF may be one or more NFs corresponding to the trustworthiness level and an NF type requested by the first NF.
  • Methods for determining the second NF by the NRF are different based on different trustworthiness levels, and may be shown in FIG. 6a to FIG. 6c respectively.
  • the NRF sends identification information of the second NF to the first NF.
  • the first NF receives the identification information of the second NF.
  • the identification information of the second NF may include, for example, a type (an NF type) of the second NF, an instance (an NF instance) of the second NF, an identifier (an NF set ID) of the second NF set, or an IP address of the second NF.
  • a specific identifier indicated by the identification information is not limited in this embodiment of this application.
  • the identification information of the second NF may be included in a third response message.
  • the NRF determines the second NF based on the trustworthiness level, so that after the first NF receives the identification information of the second NF, the first NF exchanges data and/or signaling with the second NF. Therefore, the first NF may interact with an NF (that is, the second NF) corresponding to the trustworthiness level. In an aspect, a requirement of the first NF on the trustworthiness level can be met. In another aspect, the first NF exchanges data and/or signaling with an NF (for example, the second NF) with a high trustworthiness level. This improves security of exchange between the first NF and the second NF.
  • embodiments of this application further provide several methods, which are respectively described as follows:
  • FIG. 6a is a schematic flowchart of a secure communication method according to an embodiment of this application. As shown in FIG. 6a , the method includes the following steps.
  • an NRF stores a trustworthiness level of one or more NFs (including a second NF).
  • the following uses the second NF as an example to describe the method provided in this embodiment of this application. However, the method described below is applicable to not only the second NF but also another NF and the like.
  • a method for storing the trustworthiness level of the one or more NFs in the NRF includes step 601 and step 602.
  • the NRF receives a registration request message sent by the second NF, where the registration request message carries a trustworthiness level of the second NF. Correspondingly, the NRF receives the registration request message.
  • the registration request message further carries identification information of the second NF.
  • the NRF stores the trustworthiness level of the second NF.
  • when sending the registration request message to the NRF, the second NF may send the trustworthiness level of the second NF to the NRF.
  • For a trustworthiness level classification method, refer to the method shown in FIG. 5 . Details are not described herein again.
  • the NRF may store a correspondence between the identification information and the trustworthiness level of the second NF, for example, (NF instance, NF type, trustworthiness level).
  • the NRF may store a trustworthiness level of an NF in a manner in which one NF corresponds to one trustworthiness level; or the NRF may store trustworthiness levels of a plurality of NFs in a manner in which the plurality of NFs correspond to one trustworthiness level.
  • the foregoing is a method for dynamically obtaining a trustworthiness level of an NF provided in this embodiment of this application.
  • This embodiment of this application further provides a method for statically obtaining a trustworthiness level of an NF.
  • the NRF preconfigures a trustworthiness level of one or more NFs, and stores the trustworthiness level of the one or more NFs.
  • the NRF preconfigures the trustworthiness level of the second NF, and stores the trustworthiness level of the second NF.
  • an operator may preconfigure the trustworthiness level of the second NF for the NRF. It may be understood that a method for configuring the trustworthiness level of the one or more NFs in the NRF is not limited in this embodiment of this application.
  • the NRF may store identification information of the one or more NFs and the trustworthiness level of the one or more NFs.
  • the NRF may store identification information of an NF a and a trustworthiness level of the NF a.
  • the NRF may store identification information of an NF b and a trustworthiness level of the NF b.
  • the NRF may store identification information of an NF c and a trustworthiness level of the NF c.
  • the NF a, the NF b, and the NF c are only used to distinguish between different NFs and do not have other specific meanings.
  • That the NRF may store the identification information of the one or more NFs and the trustworthiness level of the one or more NFs above may also be understood as that the NRF stores the one or more NFs and the trustworthiness level of the one or more NFs; or may also be understood as that the NRF stores a correspondence between the identification information and the trustworthiness level of the one or more NFs, and the like.
  • a specific description method is not limited in this embodiment of this application.
  • a first NF obtains a trustworthiness attribute of a first user identifier from the third NF, and determines a trustworthiness level based on the trustworthiness attribute of the first user identifier.
  • the trustworthiness attribute of the first user identifier may be used to indicate whether the first user identifier needs to be pseudonymized, and so on. If the first user identifier needs to be pseudonymized, it indicates that the first user identifier requires a higher trustworthiness level. Therefore, after obtaining the trustworthiness attribute of the first user identifier, the third NF may determine the trustworthiness level based on the trustworthiness attribute of the first user identifier. For how the third NF obtains the trustworthiness attribute of the first user identifier, refer to the method shown in FIG. 2A and FIG. 2B . Details are not described herein again.
  • the first NF may perform step 603 when the first NF receives a network access request message sent by a terminal device.
  • the first NF may perform step 603 when the first NF receives a session establishment request message sent by the terminal device.
  • the first NF may perform step 603 or the like in another scenario. This is not limited in this embodiment of this application.
  • the first NF sends a third request message to the NRF, where the third request message carries a trustworthiness level.
  • the NRF receives the third request message.
  • the NRF determines the second NF based on the stored correspondence between the identification information of the second NF and the trustworthiness level of the second NF, and the trustworthiness level carried in the third request message.
  • That the NRF stores the identification information and the trustworthiness level of the one or more NFs may also be understood as that the NRF stores the correspondence between the identification information of the one or more NFs and the trustworthiness level of the one or more NFs; or may also be understood as that the NRF stores the identification information of the NF and the trustworthiness level of the NF.
  • For a method for storing the identification information of the NF and the trustworthiness level of the NF in the NRF, refer to related descriptions of step 601 and step 602. Details are not described herein again.
  • the trustworthiness level of the second NF may be equal to the trustworthiness level carried in the third request message. In some other implementations, the trustworthiness level of the second NF may alternatively be higher than the trustworthiness level carried in the third request message, and so on. This is not limited in this application.
  • the NRF may store (NF 2, trustworthiness level being, for example, a high level), (NF 3, trustworthiness level being, for example, a high level), (NF 4, trustworthiness level being, for example, a weak level), and (NF 5, trustworthiness level being, for example, an untrustworthiness level).
  • the trustworthiness level carried in the third request message is a high trustworthiness level.
  • the NRF may determine, from the stored trustworthiness levels of the NFs, an NF with a high trustworthiness level, for example, the NF 2 and/or the NF 3, as the second NF. It may be understood that the NF 2, the NF 3, the NF 4, and the NF 5 in the foregoing example may be NFs of a same type.
  • the NRF may further store trustworthiness levels of various different types of NFs.
  • the NRF may further determine the second NF based on the NF type requested by the first NF. For example, if the first NF needs to request an AMF that can be accessed by the terminal device, the second NF is an NF corresponding to the trustworthiness level carried in the third request message.
  • the trustworthiness level carried in the third request message is a weak trustworthiness level.
  • the trustworthiness level of the second NF may correspond to the weak trustworthiness level; or the trustworthiness level of the second NF may be higher than the weak trustworthiness level.
  • a trustworthiness level of an NF may also be understood as a trustworthiness level corresponding to an identifier of the NF.
  • the NRF sends the identification information of the second NF to the first NF.
  • the first NF receives the identification information of the second NF.
  • the NRF stores trustworthiness levels of NFs (including the second NF), so that the first NF can request an NF with a high trustworthiness level from the NRF. Therefore, the first NF may exchange data and/or signaling with the NF with the high trustworthiness level (for example, the second NF), to ensure security of the data and/or the signaling.
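  • The NRF behaviour described for FIG. 5 and FIG. 6a (storing a (NF instance, NF type, trustworthiness level) correspondence from dynamic registration or static preconfiguration, then answering a third request message with the NFs at the requested level or above), as an added Python example written for this page and not code from the patent or from any NRF implementation. The level names, the NF instance names NF2 to NF5 and UPF-1, and the mapping from "needs pseudonymization" to the strong level are constructed assumptions; the registry contents mirror the worked example in the text.

```python
from dataclasses import dataclass, field

# Ordered trustworthiness levels from the text: untrustworthy < weak < strong
# (equivalently level 1 < level 2 < level 3; a higher level means more trustworthy).
LEVELS = {"untrustworthy": 1, "weak": 2, "strong": 3}


@dataclass
class NfProfile:
    nf_instance: str   # NF instance identifier
    nf_type: str       # NF type, e.g. "AMF", "SMF", "UPF"
    trust_level: str   # one of LEVELS


@dataclass
class Nrf:
    """NRF storing (NF instance, NF type, trustworthiness level) tuples."""
    profiles: dict = field(default_factory=dict)   # nf_instance -> NfProfile

    def register(self, nf_instance: str, nf_type: str, trust_level: str) -> None:
        """Steps 601/602 (dynamic path): the registration request from an NF carries
        its trustworthiness level, which the NRF stores with its identification info."""
        if trust_level not in LEVELS:
            raise ValueError(f"unknown trustworthiness level {trust_level!r}")
        self.profiles[nf_instance] = NfProfile(nf_instance, nf_type, trust_level)

    def preconfigure(self, entries) -> None:
        """Static path: the operator preconfigures levels for one or more NFs."""
        for nf_instance, nf_type, trust_level in entries:
            self.register(nf_instance, nf_type, trust_level)

    def discover(self, required_level: str, nf_type=None, allow_higher: bool = True) -> list:
        """Steps 604/605: answer a third request message carrying a trustworthiness level
        (and optionally the requested NF type) with the identification information of
        matching NFs. With allow_higher, NFs above the requested level also qualify,
        as the text permits; NFs below it never do."""
        if required_level not in LEVELS:
            raise ValueError(f"unknown trustworthiness level {required_level!r}")
        need = LEVELS[required_level]
        matches = []
        for p in self.profiles.values():
            if nf_type is not None and p.nf_type != nf_type:
                continue
            have = LEVELS[p.trust_level]
            if have == need or (allow_higher and have > need):
                matches.append(p.nf_instance)
        return sorted(matches)


def required_level_for_identifier(needs_pseudonymization: bool) -> str:
    """Step 603: the first NF turns the user identifier's trustworthiness attribute into
    the level it requests. Assumption: an identifier that must be pseudonymized calls
    for a strong NF, any other identifier for at least a weak one."""
    return "strong" if needs_pseudonymization else "weak"


def build_sample_nrf() -> Nrf:
    """Constructed registry mirroring the text's example: NF 2 and NF 3 strong,
    NF 4 weak, NF 5 untrustworthy, all of type AMF, plus one weak UPF."""
    nrf = Nrf()
    nrf.preconfigure([("NF2", "AMF", "strong"), ("NF3", "AMF", "strong"),
                      ("NF4", "AMF", "weak"), ("NF5", "AMF", "untrustworthy")])
    nrf.register("UPF-1", "UPF", "weak")
    return nrf


if __name__ == "__main__":
    nrf = build_sample_nrf()
    level = required_level_for_identifier(needs_pseudonymization=True)
    print(level, nrf.discover(level, nf_type="AMF"))
```

  • A request for the strong level and type AMF returns NF2 and NF3 only, as in the text; a request for the weak level returns NF4 and, because the text allows a second NF with a higher level, NF2 and NF3 as well, while NF5 is never returned. Rejecting unknown level names at registration time keeps a misconfigured NF from being treated as trustworthy by accident.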
  • FIG. 6b is a schematic flowchart of a secure communication method according to an embodiment of this application. As shown in FIG. 6b , the method includes the following steps.
  • a first NF sends a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice.
  • the NSSF receives the fourth request message.
  • a specific type of the fourth request message is not limited in this embodiment of this application.
  • the NSSF determines a trustworthiness level of the first slice based on first preconfiguration information and the identification information of the first slice that is carried in the fourth request message.
  • the first preconfiguration information is configured by an operator, another NF, or the like. This is not limited in this application.
  • the first preconfiguration information may store identification information of a slice and a trustworthiness level of the slice.
  • the first preconfiguration information may store a correspondence between identification information and a trustworthiness level of one or more slices.
  • the first preconfiguration information includes the identification information of the first slice and the trustworthiness level of the first slice.
  • the trustworthiness level of the first slice may also be understood as a trustworthiness level corresponding to the identification information of the first slice.
  • Trustworthiness levels of a plurality of slices may also be understood as trustworthiness levels corresponding to identification information of the plurality of slices.
  • the plurality of slices may correspond to one trustworthiness level, or the plurality of slices may correspond to a plurality of trustworthiness levels.
  • one slice corresponds to one trustworthiness level, or two slices correspond to one trustworthiness level. How the NSSF stores a relationship between a slice and a trustworthiness level is not limited in this embodiment of this application.
  • the NSSF may search, based on the identification information of the first slice, the stored trustworthiness level of the one or more slices for the trustworthiness level corresponding to the first slice, to obtain the trustworthiness level of the first slice.
  • the NSSF sends a fourth response message to the first NF, where the fourth response message carries the trustworthiness level of the first slice.
  • the first NF receives the fourth response message.
  • That the fourth response message carries the trustworthiness level of the first slice may also be understood as that the fourth response message carries the trustworthiness level corresponding to the identification information of the first slice.
  • the fourth response message further carries the identification information of the first slice.
  • the first NF sends a third request message to an NRF, where the third request message carries the trustworthiness level of the first slice and the identification information of the first slice.
  • the NRF receives the third request message.
  • the NRF determines, based on the identification information of the first slice, a second NF set corresponding to the first slice; and determines a second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the first slice.
  • the NRF may store a correspondence between identification information and a trustworthiness level of one or more NFs.
  • the NRF stores identification information of one or more NFs and a trustworthiness level of the one or more NFs. Therefore, the NRF may determine the second NF from the second NF set based on the trustworthiness level of the first slice.
  • a quantity of NFs included in the second NF set is not limited in this embodiment of this application.
  • the second NF set may include one NF such as the second NF.
  • the second NF set may alternatively include a plurality of NFs, and the plurality of NFs include the second NF. It may be understood that the descriptions of the second NF set are also applicable to another embodiment of this application.
  • the NRF sends identification information of the second NF to the first NF.
  • the first NF receives the identification information of the second NF.
  • the method shown in FIG. 6b may further include the following steps.
  • the NRF receives a registration request message sent by the second NF, where the registration request message carries a trustworthiness level of the second NF. Correspondingly, the NRF receives the registration request message.
  • the registration request message further carries the identification information of the second NF.
  • the NRF stores the trustworthiness level of the second NF.
  • for step 617 and step 618, refer to step 601 and step 602 shown in FIG. 6a. Details are not described herein again.
  • FIG. 6c is a schematic flowchart of a secure communication method according to an embodiment of this application. As shown in FIG. 6c , the method includes the following steps.
  • a first NF sends a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice.
  • the NSSF receives the fourth request message.
  • a specific type of the fourth request message is not limited in this embodiment of this application.
  • the NSSF determines a trustworthiness level of a second NF set based on second preconfiguration information and the identification information of the first slice.
  • the second preconfiguration information is configured by an operator, another NF, or the like. This is not limited in this application.
  • the second preconfiguration information includes identification information of an NF set and a trustworthiness level of the NF set.
  • the second preconfiguration information may include a correspondence between identification information of the second NF set and the trustworthiness level of the second NF set.
  • the second preconfiguration information may further include identification information of a slice and identification information of an NF set.
  • the second preconfiguration information may include a correspondence between the identification information of the first slice and the identification information of the second NF set.
  • one slice may correspond to one or more NF sets, and one NF set may correspond to one trustworthiness level.
  • the NSSF may determine, based on the identification information of the first slice that is carried in the fourth request message, an NF set, for example, the second NF set, corresponding to the first slice, and then determine the trustworthiness level corresponding to the second NF set.
  • the NSSF sends a fourth response message to the first NF, where the fourth response message carries the identification information of the second NF set and the trustworthiness level of the second NF set.
  • the first NF receives the fourth response message.
  • the first NF sends a third request message to an NRF, where the third request message carries the trustworthiness level of the second NF set and the identification information of the second NF set.
  • the NRF receives the third request message.
  • the NRF determines a second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the second NF set.
  • the NRF sends identification information of the second NF to the first NF.
  • the first NF receives the identification information of the second NF.
  • the method shown in FIG. 6b may further include the following steps.
  • the NRF receives a registration request message sent by the second NF, where the registration request message carries a trustworthiness level of the second NF. Correspondingly, the NRF receives the registration request message.
  • the registration request message further carries the identification information of the second NF.
  • the NRF stores the trustworthiness level of the second NF.
  • for step 627 and step 628, refer to step 601 and step 602 shown in FIG. 6a. Details are not described herein again.
  • FIG. 6d is a schematic flowchart of a secure communication method according to an embodiment of this application. As shown in FIG. 6d , the method includes the following steps.
  • a first NF sends a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice.
  • the NSSF receives the fourth request message.
  • the NSSF determines, based on third preconfiguration information and the identification information of the first slice, one or more NFs corresponding to the first slice and a trustworthiness level corresponding to the one or more NFs.
  • the third preconfiguration information includes a correspondence between identification information of a slice and identification information of an NF.
  • the third preconfiguration information may include a correspondence between one or more slices and NFs.
  • one slice may correspond to one or more NFs.
  • one NF may correspond to one trustworthiness level.
  • the plurality of NFs correspond to a same trustworthiness level, or the plurality of NFs correspond to different trustworthiness levels.
  • the first slice may correspond to an NF 7 (a high trustworthiness level), an NF 8 (a high trustworthiness level), and an NF 9 (a high trustworthiness level).
  • the first slice may correspond to an NF 7 (a high trustworthiness level), an NF 8 (a high trustworthiness level), and an NF 10 (a weak trustworthiness level).
  • the NSSF sends a fourth response message to the first NF, where the fourth response message carries identification information of one or more NFs and a trustworthiness level of the one or more NFs.
  • the first NF receives the fourth response message.
  • a difference from FIG. 6c lies in that, the fourth response message in FIG. 6c carries the trustworthiness level of the second NF set, while the fourth response message in FIG. 6d carries the trustworthiness level of the one or more NFs.
  • the trustworthiness level in FIG. 6c is specific to a set. Whether a trustworthiness level of one or more corresponding NFs in the second NF set is the same is not limited in this embodiment of this application. In other words, the trustworthiness level of the NF included in the second NF set may alternatively be lower than the trustworthiness level carried in the third request message.
  • the fourth response message directly carries the identification information of the one or more NFs and the trustworthiness level of the one or more NFs. Therefore, the first NF may directly select one NF from the one or more NFs as a second NF. To be specific, after the first NF receives the fourth response message, the first NF may determine, based on the trustworthiness level of the one or more NFs, the second NF that interacts with the first NF.
  • the NSSF sends the trustworthiness level of the one or more NFs to the first NF, so that the first NF can quickly determine the second NF.
  • Implementation is simple and efficiency is high.
  • the first NF and the second NF described above are merely examples.
  • more NFs may be involved in a scenario in which a terminal device needs to access a network or establish a session connection, or the like.
  • the technical solution provided in this embodiment of this application is applicable to more NFs.
  • the first NF interacts with the NRF or the NSSF, to obtain the second NF that interacts with the first NF and that has a high trustworthiness level. Security of service exchange is ensured during related processing.
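As an added illustration of the FIG. 6b to FIG. 6d flows (example code, not code from the application), the following Python models the NRF's stored NF levels, the NSSF's slice preconfiguration, and the per-NF check the NRF has to make because the level of an NF set does not bound the level of each member. The level ordering, the handler names and the "highest level wins" tie-break are assumptions; the topology is constructed.

```python
"""NF selection by trustworthiness level, modelled on the FIG. 6b to FIG. 6d flows.
Added example; the level ordering, handler names and the 'highest level wins'
tie-break are assumptions, not something the application specifies."""
from enum import IntEnum


class TrustLevel(IntEnum):
    """Trustworthiness levels named in the description, ordered so >= compares them."""
    UNTRUSTWORTHY = 0
    WEAKLY_TRUSTWORTHY = 1
    TRUSTWORTHY = 2


class Nrf:
    """Stores, per registration request message, the correspondence between the
    identification information of an NF and its trustworthiness level."""

    def __init__(self, nf_sets):
        self.nf_sets = nf_sets      # NF set id -> member NF ids (constructed topology)
        self.nf_levels = {}         # NF id -> TrustLevel, filled by registrations

    def handle_registration_request(self, nf_id, level):
        self.nf_levels[nf_id] = TrustLevel(level)

    def handle_third_request(self, nf_set_id, required_level):
        """Third request message: NF set id plus required level -> second NF id.
        A set-level trustworthiness does not guarantee every member's level, so each
        member is checked against its own stored level; unregistered NFs are skipped."""
        eligible = [nf for nf in self.nf_sets.get(nf_set_id, ())
                    if nf in self.nf_levels and self.nf_levels[nf] >= required_level]
        if not eligible:
            return None
        return max(eligible, key=lambda nf: self.nf_levels[nf])


class Nssf:
    """Second preconfiguration information (slice -> NF set -> level, FIG. 6c) and
    third preconfiguration information (slice -> NFs with their levels, FIG. 6d)."""

    def __init__(self, slice_to_set, set_levels, slice_to_nfs, nf_levels):
        self.slice_to_set = slice_to_set
        self.set_levels = set_levels
        self.slice_to_nfs = slice_to_nfs
        self.nf_levels = nf_levels

    def fourth_response_set(self, slice_id):
        """FIG. 6c: the fourth response carries the NF set id and the set's level."""
        nf_set = self.slice_to_set[slice_id]
        return nf_set, self.set_levels[nf_set]

    def fourth_response_nfs(self, slice_id):
        """FIG. 6d: the fourth response carries NF ids and the level of each NF."""
        return {nf: self.nf_levels[nf] for nf in self.slice_to_nfs[slice_id]}


def select_via_nrf(nssf, nrf, slice_id):
    """FIG. 6c flow as seen by the first NF: ask the NSSF, then the NRF."""
    nf_set, level = nssf.fourth_response_set(slice_id)
    return nrf.handle_third_request(nf_set, level)


def select_directly(nssf, slice_id):
    """FIG. 6d flow: the first NF picks the second NF itself from the returned levels."""
    candidates = nssf.fourth_response_nfs(slice_id)
    best = max(candidates, key=candidates.get)
    return best, candidates[best]


# Constructed topology: NF 7 and NF 8 are trustworthy, NF 10 and NF 11 are weakly
# trustworthy (after the NF 7/NF 8/NF 10 example in the FIG. 6d description).
# set-2 is marked trustworthy although no member is, which is the case the
# description warns about.
NF_LEVELS = {"NF 7": TrustLevel.TRUSTWORTHY, "NF 8": TrustLevel.TRUSTWORTHY,
             "NF 10": TrustLevel.WEAKLY_TRUSTWORTHY, "NF 11": TrustLevel.WEAKLY_TRUSTWORTHY}
NF_SETS = {"set-1": ["NF 10", "NF 7", "NF 8"], "set-2": ["NF 10", "NF 11"]}
SET_LEVELS = {"set-1": TrustLevel.TRUSTWORTHY, "set-2": TrustLevel.TRUSTWORTHY}
SLICE_TO_SET = {"slice-A": "set-1", "slice-B": "set-2"}
SLICE_TO_NFS = {"slice-A": ["NF 7", "NF 8", "NF 10"]}


def build_network():
    """Register every NF with the NRF and preconfigure the NSSF."""
    nrf = Nrf(NF_SETS)
    for nf_id, level in NF_LEVELS.items():
        nrf.handle_registration_request(nf_id, level)
    nssf = Nssf(SLICE_TO_SET, SET_LEVELS, SLICE_TO_NFS, NF_LEVELS)
    return nssf, nrf


if __name__ == "__main__":
    nssf, nrf = build_network()
    print(select_via_nrf(nssf, nrf, "slice-A"))   # NF 7 (NF 10 is excluded)
    print(select_via_nrf(nssf, nrr := nrf, "slice-B") if False else select_via_nrf(nssf, nrf, "slice-B"))  # None
    print(select_directly(nssf, "slice-A"))       # ('NF 7', <TrustLevel.TRUSTWORTHY: 2>)
```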
  • This application further provides a secure communication method.
  • the method is described as follows:
  • the DNS may determine the second NF based on a stored correspondence between the domain name information and the identification information and a stored correspondence between the identification information and the trustworthiness level (or a stored correspondence between the domain name information and the trustworthiness level). For example, a correspondence between domain name information (or identification information) of one or more NFs and a trustworthiness level of the one or more NFs may be configured in the DNS. The DNS determines the second NF based on the trustworthiness level, so that the first NF may receive the identification information of the second NF, where the identification information of the second NF may include an IP address or the like of the second NF.
  • the first NF may interact with an NF (that is, the second NF) corresponding to the trustworthiness level.
  • a requirement of a user identifier corresponding to a terminal device on the trustworthiness level can be met.
  • the first NF exchanges data and/or signaling with an NF (for example, the second NF) with a high trustworthiness level. This improves security of exchange between the first NF and the second NF.
  • identification information of the second NF may be carried in a fifth response message or the like. This is not limited in this embodiment of this application.
  • the first NF may further include an access device or the like.
  • the second NF may include an AMF or the like.
  • the methods shown in FIG. 5 to FIG. 6d may be further combined with the methods shown in FIG. 2A and FIG. 2B to FIG. 4A and FIG. 4B.
  • the first user identifier may exist in a form of a pseudonym between different NFs.
  • the first NF may select an NF with a high trustworthiness level, for example, the second NF for interaction, and when the first NF interacts with the second NF, the first user identifier may exist in a form of a pseudonym (or a real user identifier) between the first NF and the second NF.
  • data and/or signaling may be further encrypted by using the user plane key, to ensure security of the data and/or the signaling.
  • the following uses a specific NF as an example to describe the secure communication method provided in this application.
  • the method implements manners such as authorization by level, pseudonym, or NF, and improves network deployment feasibility, data security, and the like.
  • the trustworthiness levels of the NFs described above may include, for example, a trustworthy NF, a weakly trustworthy NF, and an untrustworthy NF.
  • the trustworthy NF may include a trustworthy data NF, a trustworthy control NF, and a trustworthy support NF, as shown in Table 1.
  • the trustworthy data NF may be configured to store subscription data and the like.
  • the trustworthy data NF may include the third NF or the fourth NF described above.
  • the trustworthy control NF may be configured to address an NF, or the like.
  • the trustworthy control NF may include the first NF, the NRF, the NSSF, or the like described above.
  • the trustworthy support NF may include the user plane function described above.
  • the trustworthy support NF may include the UPF, a MEC, or the like.
  • the trustworthy support NF may be a user plane network element authorized by an operator.
  • the trustworthy support NF may skip uploading data (support an agreed check) based on an industry data requirement; or start terminal-to-core network protection based on an access network status (that is, encrypt data by using a user plane key); or start protection between trustworthy support NFs based on a network condition.
  • Table 1
    Name | Included main fields
    Trustworthy network element | Trustworthy data NF, trustworthy control NF, and trustworthy support NF
    Weakly trustworthy network element | Common PLMN network element
  • the trustworthy data NF may include a 5G UDM, a 4G UDM, an HSS, a PCF in a mobile network, or the like, or may be a user database part in the foregoing network element, or the like.
  • the trustworthy data NF is trustworthy because the trustworthy data NF needs to store sensitive user information such as a user ID, a key, and subscription data. In other words, high sensitivity of the trustworthy data NF lies in that the trustworthy data NF needs to store the sensitive user information.
  • the trustworthy control NF may include a 5G NRF, a DNS, a 4G DNS, or the like. Addressing between NFs is controlled by the NRF, the DNS, or the like, and topology hiding, directional traffic steering, and the like can be performed. High sensitivity of the trustworthy control NF lies in that the trustworthy control NF needs to store data information such as network topology control.
  • the DNS is configured to configure IP addressing between physical network elements (for example, between an access device and an AMF).
  • the NRF is configured to configure addressing between virtual network functions (virtual network functions, VNFs) (for example, between an AMF and an SMF in a same physical data center).
  • the NRF may further configure a trustworthy support NF, a weak trustworthy support NF, and the like.
  • the trustworthy control NF may further include an SCP, configured to process an indirect addressing process and a topology hiding process that are specified in a 3GPP standard.
  • an AMF 2 in FIG. 7b may indirectly address an SMF 2 through the SCP, and then the AMF 2 may indirectly communicate with the SMF 2 through the SCP.
  • the SMF may preconfigure some trustworthy support NFs that are trustworthy for all UEs.
  • the trustworthy control NF may further include a default AMF and an NSSF, and is configured to obtain real subscription data of a user before slice selection.
  • a default AMF uses a real ID (for example, a first user identifier) of the UE 1 that is obtained from a trustworthy UDM.
  • the trustworthy support NF may include a UPF.
  • the UPF may be a UPF that decrypts and views data, and may not be all UPFs in a network.
  • the trustworthy support NF may further include a multi-access edge computing (multi edge compute, MEC).
  • the MEC and the UPF may be two different NFs, or the MEC and the UPF may be integrated into one NF.
  • the trustworthy data NF, the trustworthy control NF, and the trustworthy support NF described above may be configured by an operator, or the like, that is, the trustworthy NF in the network is statically configured.
  • related information of the trustworthy NF may be stored in the trustworthy data NF.
  • related information (for example, preconfiguration information) of the trustworthy NF may be stored in the NRF, the NSSF, or the like.
  • the trustworthy NF described above may alternatively be determined by the trustworthy control NF (such as the NRF) or the like.
  • the NRF may determine the second NF that interacts with the first NF.
  • the trustworthy control NF may configure, based on a preset NF type (a type such as an AMF, an SMF, or a UPF), some trustworthy support NFs that may be trustworthy for all UEs; or may configure some trustworthy support NFs that are trustworthy for some UEs.
  • a UPF 1 may be used as a trustworthy support NF.
  • UE 5 not shown in FIG.
  • a trustworthy support NF that interacts with the UE 5 is not necessarily the UPF 1.
  • the trustworthy control NF may configure some trustworthy support NFs.
  • the trustworthy support NF is trustworthy for all UEs, or the trustworthy support NF is trustworthy only for some UEs.
  • the trustworthy data NF may configure the trustworthy support NF according to the following methods.
  • An example is as follows:
  • Table 2 shows an example of a trustworthiness attribute of a user identifier and a network configuration policy in a trustworthy data NF.
  • Table 2
    Rule number | Subscribed PLMN | Trustworthiness attribute | Trustworthy data NF | Trustworthy control NF | Trustworthy NF authorized according to a policy rule
    Policy rule 1 | User that subscribes to an operator | VIP | UDM, UDR, PCF, and the like | NRF, DNS, default AMF, NSSF, and the like | The trustworthy NF (for example, an SMF or a UPF) provides a trustworthy service for the VIP; the trustworthy support NF may provide a trustworthy service for the UE.
    | | | UDM, UDR, PCF, and the like | NRF, DNS, and default AMF/NSSF | Pseudonymized access to an NF to protect a real identity
    | User that subscribes to an operator | Common user, with no special requirement | Common NF, for example, a common UDM, UDR, or PCF (for example, a weakly trustworthy UDM) | Common NF | Access to a network with a real user identifier
    Policy rule 2 | Obtaining data from a subscribed UDM in a home PLMN | A trustworthy control NF does not exist in a local network but exists in a home network.
  • the trustworthiness attribute in Table 2 indicates a trustworthiness attribute of a user identifier (for example, the first user identifier), or may be understood as a trustworthiness attribute of a terminal device that applies the user identifier.
  • the trustworthy data NF may represent an NF that stores information such as subscription data of the user identifier.
  • the trustworthy data NF in Table 2 may be understood as the third NF and/or the fourth NF in this application.
  • the trustworthy control NF may be understood as the first NF, the NRF, the NSSF, or the like in this application.
  • the trustworthy NF authorized according to the policy rule in Table 2 may represent an NF that provides a service for the terminal device, and the trustworthy NF may be understood as the second NF in this application.
  • the policy rule may indicate that an NF that provides a service for the VIP is a trustworthy NF.
  • the trustworthy NF may include a trustworthy control NF such as an SMF and/or an AMF, and a trustworthy support NF such as a UPF.
  • the UE 1 may interact with an application server by using a trustworthy access network, a trustworthy transport network, a trustworthy support NF such as the UPF 1, a trustworthy control NF, a trustworthy data NF, and a trustworthy support NF such as the UPF 4.
  • a user identifier of the VIP may be further pseudonymized, to protect the user identifier.
  • the UE may interact with the UPF 1 and the UPF 4 by using a user plane key.
  • the policy rule may be pseudonymizing the user identifier.
  • UE 2 or UE 3 may encrypt or pseudonymize a real user identifier.
  • the policy rule may further include that the UE interacts with the UPF by using a user plane key. If the UE does not support interaction with the UPF by using the user plane key (that is, the UE does not support terminal-to-core network protection), the UE may further interact with a trustworthy UPF. As shown in FIG.
  • the UE 2 or the UE 3 may implement hop-by-hop network encryption or integrity protection (that is, encryption from the UE 2 or the UE 3 to the UPF 4, and encryption from the UPF 4 to the application server) through a trustworthy support node such as the UPF 4, and so on.
  • Table 3 shows a function of each trustworthy control node.
  • the trustworthy control NF may store a trustworthiness level of an NF, a trustworthiness level of an NF set, or a trustworthiness level of a slice.
  • Table 3
    Number | Trustworthiness attribute | Trustworthy control NF | Function
    Network topology configuration policy 1 | User with a high trustworthiness requirement | DNS | Configuring and storing a highly trustworthy NF
    | | NRF | Configuring and storing a trustworthiness level of an NF
    | | Default AMF | Addressing a trustworthy NF through an NSSF, an NRF, an SCP, or the like
    | | NSSF | Storing a trustworthiness level of a slice, a trustworthiness level of an NF set corresponding to a slice, or the like
    | | SCP | Configuring and storing a route to a trustworthy NF
  • Table 4 shows different network topology configuration policies and requirements of different user identifiers. It may be understood that Table 4 may also be understood as a supplementary description of Table 3.
  • Table 4
    Number | Trustworthiness attribute | Trustworthy control NF | Requirement
    Network topology configuration policy 2 | User with an industry data security protection requirement | DNS, NRF, default AMF, and NSSF | A trustworthy NF is required; or for a weakly trustworthy NF, a user identifier needs to be pseudonymized, or encrypted by using a user plane key.
    Network topology configuration policy 3 | Users with an identity privacy requirement | Each NF | Pseudonymized access required by a common NF
    Network topology configuration policy 4 | Common user | Each NF | Common NF
    Network topology configuration policy 5 | Risk control scenario | Each NF | The policy is visible to an NF that passes through a selected and configured firewall.
  • FIG. 7a and FIG. 7b each are a schematic diagram of a network architecture for secure communication according to an embodiment of this application.
  • a trustworthy data NF included in the network architecture may be a UDM 1 in FIG. 7a.
  • a trustworthy control NF may be the NRF/DNS/default AMF/NSSF in FIG. 7a.
  • trustworthy support NFs may be the UPF 1 and the UPF 4 in FIG. 7a.
  • Another NF (such as an AMF, an SMF, or a UPF) in a 5GC may be a weakly trustworthy general NF (which may also be referred to as a common NF).
  • the AMF 2, an AMF 3, the SMF 2, an SMF 3, a UPF 2, or a UPF 3 in FIG. 7b may be a general NF. Some trustworthy NFs are deployed, and remaining NFs are general NFs. This manner is easy to implement, and a network architecture can be quickly deployed.
  • a terminal device to which FIG. 7a and FIG. 7b are applied may be any type of device. A specific type of the terminal device is not limited in embodiments of this application.
  • a weakly trustworthy NF cannot obtain a real user identifier of the terminal device.
  • the AMF 2 and the AMF 3 may obtain pseudonymized user identifiers of the UE 2 and the UE 3 from a trustworthy data NF of an operator, and perform service processing (which may also be understood as data and/or signaling processing and the like) by using the pseudonymized user identifiers.
  • the AMF 2 and the AMF 3 do not need to perceive real user identifiers.
  • the AMF 2 and the AMF 3 may generate root keys based on the pseudonymized user identifiers, further generate user plane keys based on the root keys, and interact, through SMFs (such as the SMF 2 and the SMF 3), with the trustworthy support node, namely, the UPF 4.
  • the trustworthy support node, namely, the UPF 4, is reached through the weakly trustworthy support node, namely, the UPF 2 or the UPF 3.
  • the intermediate weakly trustworthy support node, namely, the UPF 2 or the UPF 3, cannot learn of the real data of the UE.
  • an untrustworthy NF may be an access device that easily listens to an air interface, such as Wi-Fi, or a risky transmission NF, such as a wide area network.
  • the untrustworthy NF, for example, the UPF 2 or the UPF 3, cannot learn of the real data of the UE.
  • a trustworthiness attribute of the UE 1 meets a preset condition, and trustworthiness attributes of the UE 2 and the UE 3 do not meet the preset condition.
  • Subscription data of the UE 1, the UE 2, and the UE 3, and the like may be stored in a trustworthy data NF.
  • the UE 1, the UE 2, and the UE 3 subscribe to an operator AN 1, and the operator AN 1 stores a real user identifier, real subscription data, a real key, and the like in a trustworthy data NF (a trustworthy UDM, a trustworthy PCF, or a trustworthy database thereof).
  • an NF that interacts with the UE 1 may be an NF with a high trustworthiness level, for example, a trustworthy NF.
  • the UE 1 may interact with the application server by using a trustworthy access network, a trustworthy transport network, and a trustworthy 5th generation mobile communication core network (5G core, 5GC).
  • the user identifier of the UE 1 may be transmitted in a form of a pseudonym between different NFs.
  • the user identifier of the UE 1 may alternatively be transmitted in a form of a real user identifier between different NFs (or transmitted in a trustworthy security domain).
  • the UE 2 or the UE 3 may interact with the application server by using an untrustworthy access network or a weakly trustworthy access network, an untrustworthy transport network or a weakly trustworthy transport network, a weakly trustworthy 5GC, or a trustworthy support node such as the UPF 4.
  • the user identifier of the UE 2 or the UE 3 may be pseudonymized.
  • user data of the UE 2 or the UE 3 may be encrypted for transmission, and so on.
  • E2E application layer protection may be performed on a data flow of the UE 2 based on a service requirement, or data protection may be performed between the terminal and a trustworthy support NF (for example, the UPF 4).
  • user IDs of the UE 2 and the UE 3 are transmitted in an untrustworthy area (that is, an untrustworthy domain), for example, the UPF 2 or the UPF 3, and arrive at the UPF 4.
  • protection is performed by using the pseudonymization solution in this application.
  • user plane data may be encrypted and integrity-protected by using a user plane key between the terminal and a trustworthy support NF (for example, the UPF 4) in this application. If application layer data protection is performed, the data cannot be monitored, so matters such as the responsibility to be borne when the law is violated need to be specified.
  • FIG. 7a and FIG. 7b are merely examples, and should not be understood as a limitation on embodiments of this application.
  • a small quantity of trustworthy NFs such as a trustworthy data NF, a trustworthy control NF, and a trustworthy support NF may be deployed.
  • the trustworthy NF may obtain real data (such as a real user identifier or real user data) and a network topology, and another NF does not need to learn of the content. Deployment is simple and efficient, and feasibility of network construction is improved.
  • FIG. 8 is a schematic diagram of a structure of a communication apparatus according to an embodiment of this application.
  • the communication apparatus may be configured to perform operations performed by the terminal device in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the method shown in FIG. 3a and/or the method shown in FIG. 3b .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 is configured to receive first indication information sent by a first NF, where the first indication information is used to indicate a terminal device to generate second pseudonym information and/or a root key.
  • the processing unit 802 is configured to: generate the second pseudonym information based on a first user identifier; generate the root key based on the second pseudonym information; and generate an access stratum key and/or a non-access stratum key based on the root key, where the access stratum key is used to protect data and/or signaling between the terminal device and an access device, and the non-access stratum key is used to protect data and/or signaling between the terminal device and the first NF.
  • the transceiver unit 801 is configured to receive second indication information sent by a first NF, where the second indication information is used to indicate a terminal device to generate a user plane protection key.
  • the processing unit 802 is configured to: generate second pseudonym information based on a first user identifier; generate a root key based on the second pseudonym information; and generate a user plane key based on the root key, where the user plane key is used to protect data between the terminal device and a user plane function.
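The derivation chain described for processing unit 802 (pseudonym from the first user identifier, root key from the pseudonym, AS/NAS keys and user plane key from the root key), together with the AMF 2/AMF 3 behaviour described for FIG. 7b, as an added Python example that is not the application's own method: HMAC-SHA256 as the derivation function, the labels, the long-term key shared with the trustworthy data NF and the nonce are assumptions, and the sample identifier is constructed.

```python
"""Pseudonym and key derivation chain of the terminal device and of a weakly
trustworthy AMF. Added example: HMAC-SHA256 as the KDF, the labels, the shared
long-term key K and the nonce are assumptions; the application does not fix them."""
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over a label followed by length-prefixed inputs."""
    msg = label
    for part in parts:
        msg += len(part).to_bytes(2, "big") + part
    return hmac.new(key, msg, hashlib.sha256).digest()


def pseudonym_from_user_id(k_long_term: bytes, user_id: str, nonce: bytes) -> bytes:
    """Second pseudonym information derived from the first user identifier.
    Keyed with K (assumption), so an NF without K cannot map it back to the real ID;
    the nonce makes successive pseudonyms of one user unlinkable."""
    return kdf(k_long_term, b"pseudonym", user_id.encode(), nonce)


def root_key_from_pseudonym(k_long_term: bytes, pseudonym: bytes) -> bytes:
    """Root key derived from the pseudonym information, never from the real identifier."""
    return kdf(k_long_term, b"root", pseudonym)


def access_keys(root_key: bytes) -> dict:
    """AS key (terminal <-> access device) and NAS key (terminal <-> first NF)."""
    return {"AS": kdf(root_key, b"AS"), "NAS": kdf(root_key, b"NAS")}


def user_plane_key(root_key: bytes) -> bytes:
    """User plane key protecting data between the terminal and the user plane function."""
    return kdf(root_key, b"UP")


def terminal_side(k_long_term: bytes, user_id: str, nonce: bytes) -> dict:
    """Processing unit 802: pseudonym -> root key -> AS/NAS keys and user plane key."""
    pseudonym = pseudonym_from_user_id(k_long_term, user_id, nonce)
    root = root_key_from_pseudonym(k_long_term, pseudonym)
    return {"pseudonym": pseudonym, "root": root,
            **access_keys(root), "UP": user_plane_key(root)}


def weakly_trustworthy_amf_side(pseudonym: bytes, root_key: bytes) -> dict:
    """An AMF 2/AMF 3 style NF is handed only the pseudonym and the root key (assumed to
    come from the trustworthy data NF holding K) and derives the same NAS and user plane
    keys without ever perceiving the real user identifier."""
    return {"pseudonym": pseudonym, **access_keys(root_key), "UP": user_plane_key(root_key)}


if __name__ == "__main__":
    k = os.urandom(32)                       # constructed long-term key
    ue = terminal_side(k, "imsi-001010123456789", os.urandom(8))  # constructed identifier
    amf = weakly_trustworthy_amf_side(ue["pseudonym"], ue["root"])
    print("pseudonym:", ue["pseudonym"].hex())
    print("NAS keys match:", amf["NAS"] == ue["NAS"], "UP keys match:", amf["UP"] == ue["UP"])
```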
  • the processing unit 802 may be one or more processors, and the transceiver unit 801 may be a transceiver; or the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be a transmitter, the receiving unit may be a receiver, and the sending unit and the receiving unit are integrated into one component, for example, a transceiver.
  • the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like.
  • the transceiver unit 801 may be an input/output interface, which is also referred to as a communication interface, an interface circuit, an interface, or the like.
  • the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be an output interface, the receiving unit may be an input interface, and the sending unit and the receiving unit are integrated into one unit, for example, an input/output interface.
  • the communication apparatus in this embodiment of this application may perform any function performed by the terminal device in the foregoing method embodiments.
  • for steps and/or functions that may be performed, refer to detailed descriptions in the foregoing method embodiments. Only brief descriptions are provided herein, and details are not described again.
  • the communication apparatus may be the terminal device in the foregoing method embodiments.
  • the transceiver unit 801 may be implemented by using a transceiver.
  • the processing unit 802 may be implemented by using a processor.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the terminal device.
  • the transceiver may be configured to receive first indication information sent by a first NF.
  • the processor may be configured to: generate second pseudonym information based on a first user identifier; generate a root key based on the second pseudonym information; and generate an access stratum key and/or a non-access stratum key based on the root key.
  • the transceiver may be configured to receive second indication information sent by a first NF.
  • the processor may be configured to: generate second pseudonym information based on a first user identifier; or generate a root key based on the second pseudonym information; or generate a user plane key based on the root key.
  • for the processors and the transceiver, refer to the methods shown in FIG. 2A and FIG. 2B to FIG. 7b. Details are not described herein again.
  • the transceiver may include a receiver and a transmitter.
  • the receiver is configured to perform a receiving function (or operation).
  • the transmitter is configured to perform a transmitting function (or operation).
  • the transceiver is configured to communicate with another device/apparatus by using a transmission medium.
  • the processor 920 receives and sends data and/or signaling by using the transceiver 910, and is configured to implement a corresponding method and the like in FIG. 3a and/or FIG. 3b in the foregoing method embodiments.
  • the communication apparatus 90 may further include one or more memories 930, configured to store program instructions and/or data.
  • the memory 930 is coupled to the processor 920.
  • the memory 930 may be configured to store the root key, the access stratum key, or the non-access stratum key.
  • the coupling in this embodiment of this application may be an indirect coupling or a communication connection between apparatuses, units, or modules in an electrical form, a mechanical form, or another form, and is used for information exchange between the apparatuses, the units, or the modules.
  • the processor 920 may operate cooperatively with the memory 930.
  • the processor 920 may execute the program instructions stored in the memory 930.
  • at least one of the one or more memories may be included in the processor.
  • a specific connection medium between the transceiver 910, the processor 920, and the memory 930 is not limited in this embodiment of this application.
  • the memory 930, the processor 920, and the transceiver 910 are connected by using a bus 940, and the bus is represented by a thick line in FIG. 9 .
  • the bus may be classified into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is used to represent the bus in FIG. 9 , but this does not mean that there is only one bus or only one type of bus.
  • the processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field programmable gate array or another programmable logic device, a discrete gate or a transistor logic device, a discrete hardware component, or the like, and may implement or perform the methods, steps, and logical block diagrams disclosed in embodiments of this application.
  • the general-purpose processor may be a microprocessor, any conventional processor, or the like. The steps of the method disclosed with reference to embodiments of this application may be directly performed by a hardware processor, or may be performed by using a combination of hardware in the processor and a software module, or the like.
  • the terminal device may further have more components than those in FIG. 9 .
  • the terminal device shown in FIG. 9 may further include an antenna. This is not limited in this embodiment of this application.
  • the core device may be any device in a third NF, a fourth NF, an NRF, an NSSF, or a DNS.
  • the communication apparatus may be a circuit system in the terminal device.
  • the processing unit 802 may be implemented by using a processing circuit
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC), or the like.
  • the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
  • the interface circuit may be configured to obtain first indication information and/or second indication information.
  • the processing circuit may be configured to: generate second pseudonym information based on a first user identifier; generate a root key based on the second pseudonym information; and generate an access stratum key and/or a non-access stratum key based on the root key.
  • the processing circuit may be further configured to: generate second pseudonym information based on a first user identifier; generate a root key based on the second pseudonym information; and generate a user plane key based on the root key.
  • For more descriptions of the processing circuit and the interface circuit, refer to the methods shown in FIG. 2A and FIG. 2B to FIG. 7b . Details are not described herein again.
  • the processing circuit may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field programmable gate array or another programmable logic device, a discrete gate or a transistor logic device, a discrete hardware component, or the like, and may implement or perform the methods, steps, and logical block diagrams disclosed in embodiments of this application. It may be understood that the descriptions of the processing circuit are all applicable to a circuit system described below.
  • the circuit system may be a circuit system of any one of a third NF, a fourth NF, an NRF, an NSSF, or a DNS.
  • FIG. 8 is still used.
  • FIG. 8 is a schematic diagram of a structure of a communication apparatus according to an embodiment of this application.
  • the communication apparatus may be configured to perform operations performed by the first NF in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the methods performed by the first NF in FIG. 2A and FIG. 2B to FIG. 6d .
  • the communication apparatus may be further configured to perform the method performed by the trustworthy control NF in FIG. 7a .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 is configured to send a first request message to a third NF, where the first request message carries first pseudonym information of a first user identifier of a terminal device.
  • the transceiver unit 801 is further configured to receive a first response message from the third NF, where the first response message carries second pseudonym information of the first user identifier.
  • the first response message further carries first indication information and/or second indication information, the first indication information is used to indicate to generate the second pseudonym information and/or a root key, and the second indication information is used to indicate to generate a user plane key.
  • the processing unit 802 is further configured to: if the first response message carries the first indication information, generate the root key based on the second pseudonym information.
  • the transceiver unit 801 is further configured to send the first indication information to the terminal device.
  • the processing unit 802 is further configured to: if the first response message carries the second indication information, generate the user plane key based on the second pseudonym information.
  • the transceiver unit 801 is further configured to send the second indication information to the terminal device.
  • the transceiver unit 801 is further configured to send the user plane key to a user plane function.
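  • The following is an added example, not code from the patent, that models the key derivation described for the terminal device (second pseudonym information, root key, access stratum and non-access stratum keys, user plane key) together with the first NF's handling of the first response message (derive per the first and/or second indication, forward the indications to the terminal, hand the user plane key to the user plane function). The KDF (counter-mode HMAC-SHA256), the key labels, the 32-byte key length and the extra `shared_secret` input are assumptions: the patent only says the root key is generated "based on the second pseudonym information", and a key computed from the pseudonym alone could be recomputed by anyone who observes that pseudonym, so the example binds it to a secret the terminal and the network already share (for example, one left by a prior authentication). All sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


def kdf(key: bytes, label: bytes, context: bytes = b"", length: int = 32) -> bytes:
    """Counter-mode KDF over HMAC-SHA256 (an assumption; the patent fixes no KDF)."""
    out = b""
    counter = 1
    while len(out) < length:
        msg = counter.to_bytes(4, "big") + label + b"\x00" + context
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


@dataclass(frozen=True)
class KeySet:
    root_key: bytes
    as_key: Optional[bytes]   # access stratum key, only when the first indication is present
    nas_key: Optional[bytes]  # non-access stratum key, only when the first indication is present
    up_key: Optional[bytes]   # user plane key, only when the second indication is present


def derive_keys(shared_secret: bytes, second_pseudonym: bytes,
                first_indication: bool, second_indication: bool) -> Optional[KeySet]:
    """Derivation run identically by the terminal and by the first NF.

    The root key is bound to the second pseudonym, so every pseudonym change
    yields a fresh key hierarchy. shared_secret is this example's assumption:
    a key derived from the pseudonym alone would give no secrecy.
    """
    if not (first_indication or second_indication):
        return None  # no indication received: nothing is generated
    root_key = kdf(shared_secret, b"root", second_pseudonym)
    as_key = kdf(root_key, b"AS") if first_indication else None
    nas_key = kdf(root_key, b"NAS") if first_indication else None
    up_key = kdf(root_key, b"UP") if second_indication else None
    return KeySet(root_key, as_key, nas_key, up_key)


def first_nf_handle_first_response(shared_secret: bytes, first_response: dict
                                   ) -> Tuple[Optional[KeySet], dict, Optional[bytes]]:
    """First NF: consume the first response message from the third NF.

    Returns the derived keys, the indications to forward to the terminal, and
    the user plane key to send to the user plane function (None if not generated).
    """
    first_ind = bool(first_response.get("first_indication", False))
    second_ind = bool(first_response.get("second_indication", False))
    keys = derive_keys(shared_secret, first_response["second_pseudonym"], first_ind, second_ind)
    indications_to_terminal = {"first_indication": first_ind, "second_indication": second_ind}
    up_key_to_upf = keys.up_key if keys is not None else None
    return keys, indications_to_terminal, up_key_to_upf


def terminal_handle_indications(shared_secret: bytes, second_pseudonym: bytes,
                                indications: dict) -> Optional[KeySet]:
    """Terminal: it generated second_pseudonym itself from its first user identifier
    and now derives keys according to the indications received from the first NF."""
    return derive_keys(shared_secret, second_pseudonym,
                       bool(indications.get("first_indication", False)),
                       bool(indications.get("second_indication", False)))


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    secret = bytes.fromhex("0f" * 32)
    response = {"second_pseudonym": b"pseudonym-2", "first_indication": True, "second_indication": True}
    nf_keys, to_terminal, to_upf = first_nf_handle_first_response(secret, response)
    ue_keys = terminal_handle_indications(secret, b"pseudonym-2", to_terminal)
    print("terminal and first NF agree:", nf_keys == ue_keys)
    print("user plane key for the UPF:", to_upf.hex())
```

  • Because the indications are forwarded unchanged, the terminal and the first NF make the same derivation decisions; a terminal that receives only the first indication ends up with AS/NAS keys and no user plane key, and a rotated second pseudonym yields an unrelated root key.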
  • the transceiver unit 801 is configured to: send a third request message to an NRF, where the third request message carries a trustworthiness level; and receive a third response message from the NRF, where the third response message carries identification information of a second NF.
  • the communication apparatus exchanges data and/or signaling with the second NF by using the transceiver unit 801.
  • the processing unit 802 is configured to obtain a trustworthiness attribute of the first user identifier, and determine a trustworthiness level based on the trustworthiness attribute of the first user identifier.
  • the transceiver unit 801 is further configured to: send a fourth request message to an NSSF, where the fourth request message carries identification information of a first slice; and receive a fourth response message from the NSSF, where the fourth response message carries a trustworthiness level of the first slice; or the fourth response message carries a trustworthiness level of a second NF set.
  • when the fourth response message carries the trustworthiness level of the first slice, the third request message carries the trustworthiness level of the first slice and the identification information of the first slice; or when the fourth response message carries the trustworthiness level of the second NF set, the third request message carries the trustworthiness level of the second NF set and identification information of the second NF set.
  • the transceiver unit 801 is further configured to send a registration request message to an NRF, where the registration request message carries a trustworthiness level of the first NF.
  • the transceiver unit 801 is further configured to send a fifth request message to a DNS, where the fifth request message carries domain name information and a trustworthiness level; and the transceiver unit 801 may be further configured to receive identification information of a second NF from the DNS. The identification information of the second NF may be carried in a fifth response message or the like.
  • the processing unit 802 may be one or more processors, and the transceiver unit 801 may be a transceiver; or the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be a transmitter, the receiving unit may be a receiver, and the sending unit and the receiving unit are integrated into one component, for example, a transceiver.
  • the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like.
  • the transceiver unit 801 may be an input/output interface, which is also referred to as a communication interface, an interface circuit, an interface, or the like.
  • the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be an output interface, the receiving unit may be an input interface, and the sending unit and the receiving unit are integrated into one unit, for example, an input/output interface. It may be understood that when the communication apparatus is any one of a third NF, a fourth NF, an NRF, an NSSF, or a DNS, the descriptions are all applicable to a communication apparatus described below.
  • the communication apparatus in this embodiment of this application may perform any function performed by the first NF in the foregoing method embodiments.
  • For the steps and/or functions that may be performed, refer to the detailed descriptions in the foregoing method embodiments. Only brief descriptions are provided herein, and details are not described again.
  • the communication apparatus may be the first NF in the foregoing method embodiments, and the first NF may be a core device.
  • the transceiver unit 801 may be implemented by using a transceiver
  • the processing unit 802 may be implemented by using a processor.
  • FIG. 9 is still used.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the first NF.
  • the transceiver may be configured to send a first request message to a third NF, and receive a first response message from the third NF.
  • the processor may be configured to: if the first response message carries first indication information, generate a root key based on second pseudonym information; or the processor may be configured to: if the first response message carries second indication information, generate a user plane key based on second pseudonym information.
  • the transceiver may be further configured to send the first indication information and/or the second indication information to a terminal device.
  • the transceiver may be further configured to send the user plane key to a user plane function.
  • the transceiver may be configured to send a third request message to an NRF, and receive a third response message from the NRF.
  • the processor may be configured to obtain a trustworthiness attribute of a first user identifier; and determine a trustworthiness level based on the trustworthiness attribute of the first user identifier.
  • the transceiver may be further configured to send a fourth request message to an NSSF, and receive a fourth response message sent by the NSSF.
  • the transceiver may be further configured to send a registration request message to an NRF.
  • the transceiver may be further configured to send a fifth request message to the DNS, and receive identification information of a second NF from the DNS.
  • For more descriptions of the communication apparatus being the first NF, refer to the foregoing descriptions of the communication apparatus being the terminal device.
  • the core device may further have more components than those in FIG. 9 .
  • the core device shown in FIG. 9 may further include an antenna. This is not limited in this embodiment of this application.
  • the communication apparatus may be a circuit system in the first NF.
  • the processing unit 802 may be implemented by using a processing circuit
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC), or the like.
  • the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
  • the interface circuit may be configured to obtain a first response message, a third response message, or a fourth response message.
  • the interface circuit may be configured to obtain identification information of a second NF.
  • the interface circuit may be configured to output a first request message, first indication information, second indication information, a user plane key, a third request message, a fourth request message, a fifth request message, or a registration request message.
  • the processing circuit may be configured to generate a root key or a user plane key based on second pseudonym information.
  • the processing circuit may be further configured to obtain a trustworthiness attribute of a first user identifier; and determine a trustworthiness level based on the trustworthiness attribute of the first user identifier.
  • For more descriptions of the processing circuit and the interface circuit, refer to the methods shown in FIG. 2A and FIG. 2B to FIG. 7b . Details are not described herein again. It may be understood that for more descriptions of the circuit system in the communication apparatus being the first NF, refer to the descriptions of the circuit system in the communication apparatus being the terminal device. Details are not described herein again.
  • FIG. 8 is still used.
  • FIG. 8 is a schematic diagram of a structure of a communication apparatus according to an embodiment of this application.
  • the communication apparatus may be configured to perform operations performed by the third NF in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the methods performed by the third NF in FIG. 2A and FIG. 2B to FIG. 6d .
  • the communication apparatus may be further configured to perform the method performed by the trustworthy data NF in FIG. 7a .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 may be configured to receive a first request message from a first NF; the processing unit 802 may be configured to determine a trustworthiness attribute of a first user identifier; and the transceiver unit 801 is further configured to send a first response message to the first NF.
  • the processing unit 802 may be further configured to obtain a first user identifier based on first pseudonym information, and generate second pseudonym information based on the first user identifier.
  • the processing unit 802 may be further configured to control a memory to store a correspondence between the second pseudonym information and the first user identifier.
  • the transceiver unit 801 may be further configured to send a second request message to a fourth NF, and receive second pseudonym information from the fourth NF.
  • the processing unit 802 may be one or more processors, and the transceiver unit 801 may be a transceiver; or the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be a transmitter, the receiving unit may be a receiver, and the sending unit and the receiving unit are integrated into one component, for example, a transceiver.
  • the processing unit 802 may be one or more processors, or the processing unit 802 may be a processing circuit or the like.
  • the transceiver unit 801 may be an input/output interface, which is also referred to as a communication interface, an interface circuit, an interface, or the like.
  • the transceiver unit 801 may be a sending unit and a receiving unit, the sending unit may be an output interface, the receiving unit may be an input interface, and the sending unit and the receiving unit are integrated into one unit, for example, an input/output interface.
  • the communication apparatus may be the third NF in the foregoing method embodiments, and the third NF may be a core device.
  • the transceiver unit 801 may be implemented by using a transceiver
  • the processing unit 802 may be implemented by using a processor.
  • FIG. 9 is still used.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the third NF.
  • the transceiver may be configured to receive a first request message from a first NF; the processor may be configured to determine a trustworthiness attribute of a first user identifier; and the transceiver is further configured to send a first response message to the first NF.
  • the processor may be further configured to obtain a first user identifier based on first pseudonym information, and generate second pseudonym information based on the first user identifier.
  • the processor may be further configured to control a memory to store a correspondence between the second pseudonym information and the first user identifier.
  • a memory may directly store a correspondence between the second pseudonym information and the first user identifier.
  • the transceiver may be further configured to send a second request message to a fourth NF, and receive second pseudonym information from the fourth NF.
  • the communication apparatus may be a circuit system (or a chip, an integrated circuit, or the like) in a third NF.
  • the processing unit 802 may be implemented by using a processing circuit
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC), or the like.
  • the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
  • the interface circuit may be configured to obtain a first request message; the processing circuit may be configured to determine a trustworthiness attribute of a first user identifier; and the interface circuit is further configured to output a first response message.
  • the processing circuit may be further configured to obtain a first user identifier based on first pseudonym information, and generate second pseudonym information based on the first user identifier.
  • the processing circuit may be further configured to control a memory to store a correspondence between the second pseudonym information and the first user identifier.
  • the interface circuit may be further configured to output a second request message, and obtain second pseudonym information.
  • the communication apparatus in this embodiment of this application may perform any function performed by the third NF in the foregoing method embodiments.
  • For the steps and/or functions that may be performed, refer to the detailed descriptions in the foregoing method embodiments. Only brief descriptions are provided herein, and details are not described again.
  • FIG. 8 is still used.
  • FIG. 8 is a schematic diagram of a structure of a communication apparatus according to an embodiment of this application.
  • the communication apparatus may be configured to perform operations performed by the fourth NF in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the methods performed by the fourth NF in FIG. 2A and FIG. 2B to FIG. 6d .
  • the communication apparatus may be further configured to perform the method performed by the trustworthy data NF in FIG. 7a .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 is configured to receive a second request message from a third NF, where the second request message carries first pseudonym information of a first user identifier of a terminal device.
  • the processing unit 802 is configured to: in response to the second request message, obtain the first user identifier based on the first pseudonym information, and generate second pseudonym information based on the first user identifier.
  • the transceiver unit 801 may be further configured to send the second pseudonym information to the third NF.
  • the processing unit 802 may be further configured to store a correspondence between the second pseudonym information and the first user identifier.
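  • The following is an added example, not code from the patent, that models the pseudonym handling described for the third NF (receive the first request message, obtain the first user identifier from the first pseudonym information, determine its trustworthiness attribute, generate second pseudonym information, store the correspondence, answer with the first response message) and, in `handle_second_request`, the part the fourth NF performs when the third NF delegates to it via the second request message. The keyed-HMAC pseudonym construction, the per-user counter, the single-use rule for a consumed pseudonym, the attribute values and the policy that maps an attribute to the first and second indications are all assumptions; sample users and keys are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed policy: which indications the first response message carries for a
# given trustworthiness attribute of the first user identifier.
INDICATION_POLICY = {
    "high":   {"first_indication": True,  "second_indication": True},
    "medium": {"first_indication": True,  "second_indication": False},
    "low":    {"first_indication": False, "second_indication": False},
}


@dataclass
class PseudonymNF:
    """Pseudonym handling of the third NF; handle_second_request is the part a
    fourth NF performs when the third NF delegates to it."""
    server_key: bytes                                        # secret, never leaves the NF (assumed)
    attributes: Dict[str, str]                               # first user identifier -> trustworthiness attribute
    mapping: Dict[str, str] = field(default_factory=dict)    # pseudonym -> first user identifier
    counters: Dict[str, int] = field(default_factory=dict)   # per-user pseudonym generation counter

    def _new_pseudonym(self, user_id: str) -> str:
        """Keyed, counter-based pseudonym: unlinkable to the user identifier without
        server_key, and never reused because the counter only grows."""
        n = self.counters.get(user_id, 0) + 1
        self.counters[user_id] = n
        digest = hmac.new(self.server_key, f"{user_id}|{n}".encode(), hashlib.sha256)
        pseudonym = digest.hexdigest()[:32]
        self.mapping[pseudonym] = user_id   # store the correspondence pseudonym -> user identifier
        return pseudonym

    def issue_first_pseudonym(self, user_id: str) -> str:
        """Hand out the pseudonym the terminal will present as first pseudonym information."""
        return self._new_pseudonym(user_id)

    def resolve(self, pseudonym: str) -> Optional[str]:
        """Obtain the first user identifier from a pseudonym (None if unknown or consumed)."""
        return self.mapping.get(pseudonym)

    def handle_second_request(self, first_pseudonym: str) -> Optional[str]:
        """Second request message: rotate the pseudonym. The consumed first pseudonym is
        removed so a replayed request with it is rejected (single-use rule, assumed)."""
        user_id = self.mapping.pop(first_pseudonym, None)
        if user_id is None:
            return None
        return self._new_pseudonym(user_id)

    def handle_first_request(self, first_request: dict) -> dict:
        """First request message from the first NF -> first response message."""
        first_pseudonym = first_request["first_pseudonym"]
        user_id = self.resolve(first_pseudonym)
        if user_id is None:
            return {"status": "rejected"}
        attribute = self.attributes.get(user_id, "low")   # determine the trustworthiness attribute
        second_pseudonym = self.handle_second_request(first_pseudonym)
        return {"status": "ok", "second_pseudonym": second_pseudonym, **INDICATION_POLICY[attribute]}


if __name__ == "__main__":
    # Constructed sample data, not from the patent.
    nf = PseudonymNF(server_key=bytes.fromhex("2a" * 32),
                     attributes={"user-001": "high", "user-002": "low"})
    first = nf.issue_first_pseudonym("user-001")
    print("first response:", nf.handle_first_request({"first_pseudonym": first}))
    print("replay of the first pseudonym:", nf.handle_first_request({"first_pseudonym": first}))
```

  • The first user identifier itself never appears in any message: the first NF only ever sees pseudonyms, and after the exchange the old pseudonym no longer resolves, so an observer who captured it learns nothing from presenting it again.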
  • the communication apparatus may be the fourth NF (for example, the core device) in the foregoing method embodiments.
  • the transceiver unit 801 may be implemented by using a transceiver
  • the processing unit 802 may be implemented by using a processor.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the fourth NF.
  • the transceiver is configured to receive a second request message from a third NF, where the second request message carries first pseudonym information of a first user identifier of a terminal device; the processor is configured to: in response to the second request message, obtain the first user identifier based on the first pseudonym information, and generate second pseudonym information based on the first user identifier; and the transceiver may be further configured to send the second pseudonym information to the third NF.
  • the processor may be further configured to control a memory to store a correspondence between the second pseudonym information and the first user identifier.
  • the communication apparatus may be a circuit system in the fourth NF.
  • the processing unit 802 may be implemented by using a processing circuit
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the interface circuit may be configured to obtain a second request message, where the second request message carries first pseudonym information of a first user identifier of a terminal device; the processing circuit may be configured to: in response to the second request message, obtain the first user identifier based on the first pseudonym information, and generate second pseudonym information based on the first user identifier; and the interface circuit may be further configured to output the second pseudonym information.
  • the processing circuit may be further configured to control a memory to store a correspondence between the second pseudonym information and the first user identifier.
  • a memory may directly store a correspondence between the second pseudonym information and the first user identifier.
  • FIG. 8 is still used.
  • the communication apparatus may be configured to perform operations performed by the NRF in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the methods performed by the NRF in FIG. 2A and FIG. 2B to FIG. 6d .
  • the communication apparatus may be further configured to perform the method performed by the trustworthy control NF in FIG. 7a .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 may be configured to receive a third request message from a first NF; the processing unit 802 may be configured to determine a second NF based on a trustworthiness level; and the transceiver unit 801 may be further configured to send a third response message to the first NF.
  • the transceiver unit 801 may be further configured to receive a registration request message sent by the second NF; and the processing unit 802 may be further configured to store a correspondence between identification information of the second NF and a trustworthiness level of the second NF.
  • the processing unit 802 is specifically configured to determine the second NF based on the stored correspondence between the identification information of the second NF and the trustworthiness level of the second NF, and the trustworthiness level carried in the third request message.
  • that the third request message carries a trustworthiness level includes: the third request message carries a trustworthiness level of a first slice, and the third request message further carries identification information of the first slice.
  • the processing unit 802 is specifically configured to determine, based on the identification information of the first slice, a second NF set corresponding to the first slice, and determine the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the first slice.
  • that the third request message carries a trustworthiness level includes: the third request message carries a trustworthiness level of a second NF set, and the third request message further carries identification information of the second NF set.
  • the processing unit 802 is specifically configured to determine the second NF from the second NF set based on a stored correspondence between identification information of an NF and a trustworthiness level of the NF, and the trustworthiness level of the second NF set.
  • the transceiver unit 801 may be further configured to receive a registration request message from the first NF, where the registration request message carries a trustworthiness level of the first NF; and the processing unit 802 may be further configured to store a correspondence between identification information of the first NF and the trustworthiness level of the first NF.
  • the communication apparatus may be the NRF in the foregoing method embodiments, and the NRF may be a core device.
  • the transceiver unit 801 may be implemented by using a transceiver
  • the processing unit 802 may be implemented by using a processor.
  • FIG. 9 is still used.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the NRF.
  • the transceiver may be configured to receive a third request message from a first NF; the processor may be configured to determine a second NF based on a trustworthiness level; and the transceiver may be further configured to send a third response message to the first NF.
  • the transceiver may be further configured to receive a registration request message sent by a second NF; and the processor may be further configured to store a correspondence between identification information of the second NF and a trustworthiness level of the second NF.
  • the transceiver may be further configured to receive a registration request message from a first NF, where the registration request message carries a trustworthiness level of the first NF; and the processor may be further configured to store a correspondence between identification information of the first NF and the trustworthiness level of the first NF.
  • the communication apparatus may be a circuit system in the NRF
  • the processing unit 802 may be implemented by using a processing circuit
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (SoC), or the like.
  • the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
  • the interface circuit may be configured to obtain a third request message; the processing circuit may be configured to determine a second NF based on a trustworthiness level; and the interface circuit may be further configured to output a third response message.
  • the interface circuit may be further configured to obtain a registration request message.
  • FIG. 8 is still used.
  • the communication apparatus may be configured to perform operations performed by the NSSF in the foregoing method embodiments.
  • the communication apparatus may be configured to perform the methods performed by the NSSF in FIG. 2A and FIG. 2B to FIG. 6d .
  • the communication apparatus may be further configured to perform the method performed by the trustworthy control NF in FIG. 7a .
  • the communication apparatus includes a transceiver unit 801 and a processing unit 802.
  • the transceiver unit 801 may be configured to: receive a fourth request message sent by a first NF, where the fourth request message carries identification information of a first slice; and send a fourth response message to the first NF, where the fourth response message carries a trustworthiness level of the first slice; or the fourth response message carries identification information of a second NF set and a trustworthiness level of the second NF set, and the second NF set is an NF set corresponding to the first slice.
  • the processing unit 802 may be configured to determine the trustworthiness level of the first slice based on first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the trustworthiness level of the first slice and the identification information of the first slice.
  • the processing unit 802 may be further configured to determine the trustworthiness level of the second NF set based on second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trustworthiness level of the second NF set.
  • the communication apparatus may be the NSSF in the foregoing method embodiments, and the NSSF may be a core device.
  • the transceiver unit 801 may be implemented by using a transceiver
  • the processing unit 802 may be implemented by using a processor.
  • FIG. 9 is still used.
  • the communication apparatus 90 includes one or more processors 920 and a transceiver 910. The processor and the transceiver may be configured to perform a function, an operation, or the like performed by the NSSF.
  • the transceiver may be configured to: receive a fourth request message sent by a first NF, where the fourth request message carries identification information of a first slice; and send a fourth response message to the first NF, where the fourth response message carries a trustworthiness level of the first slice; or the fourth response message carries identification information of a second NF set and a trustworthiness level of the second NF set, and the second NF set is an NF set corresponding to the first slice.
  • the processor 920 may be configured to determine the trustworthiness level of the first slice based on first preconfiguration information and the identification information of the first slice, where the first preconfiguration information includes a correspondence between the trustworthiness level of the first slice and the identification information of the first slice.
  • the processor 920 may be further configured to determine the trustworthiness level of the second NF set based on second preconfiguration information and the identification information of the first slice, where the second preconfiguration information includes a correspondence between the identification information of the second NF set and the trustworthiness level of the second NF set.
  • the communication apparatus may be a circuit system in the NSSF.
  • the processing unit 802 may be implemented by using a processing circuit.
  • the transceiver unit 801 is implemented by using an interface circuit.
  • the communication apparatus may include a processing circuit 1002 and an interface circuit 1001.
  • the processing circuit 1002 may be a chip, a logic circuit, an integrated circuit, a processing circuit, a system on chip (system on chip, SoC), or the like.
  • the interface circuit 1001 may be a communication interface, an input/output interface, or the like.
  • the interface circuit may be configured to obtain a fourth request message, and output a fourth response message.
  • the processing circuit may be configured to determine a trustworthiness level of a first slice, a trustworthiness level of a second NF set, or the like.
  • FIG. 8 is still used.
  • the communication apparatus may be further configured to perform operations performed by the DNS in the foregoing method embodiments.
  • the transceiver unit 801 may be configured to receive a fifth request message from a first NF, where the fifth request message carries domain name information and a trustworthiness level;
  • the processing unit 802 may be configured to: in response to the fifth request message, determine a second NF based on the domain name information and the trustworthiness level; and the transceiver unit 801 may be further configured to send identification information of the second NF to the first NF.
  • the processing unit 802 may be implemented by using a processor, and the transceiver unit 801 may be implemented by using a transceiver.
  • the processor and the transceiver may be configured to perform a function, an operation, or the like performed by the DNS.
  • the transceiver may be configured to receive a fifth request message; the processor may be configured to determine a second NF based on domain name information and a trustworthiness level; and the transceiver may be further configured to send identification information of the second NF to a first NF.
  • the processing unit 802 may alternatively be implemented by using a processing circuit, and the transceiver unit 801 may alternatively be implemented by using an interface circuit.
  • the interface circuit may be configured to obtain a fifth request message; the processing circuit may be configured to determine a second NF based on domain name information and a trustworthiness level; and the interface circuit may be further configured to output identification information of the second NF.
  • the communication apparatus in this embodiment of this application may perform any function performed by the DNS in the foregoing method embodiments.
  • for the steps and/or functions that may be performed, refer to the detailed descriptions in the foregoing method embodiments. Only brief descriptions are provided herein, and details are not described again.
  • FIG. 11 is a schematic diagram of a wireless communication system according to an embodiment of this application.
  • the wireless communication system may include a first NF, a third NF, an NRF, and an NSSF. Further, the wireless communication system may further include a fourth NF (not shown in FIG. 11 ), a terminal device (not shown in FIG. 11 ), a second NF, and the like. Further, the wireless communication system may further include a DNS (not shown in FIG. 11 ) and the like.
  • for a step or a function performed by each NF, refer to the foregoing embodiments. Details are not described herein again.
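As an added illustration (not code from the patent or its assignee), the following Python simulates the two lookups described above: an NSSF answering the fourth request from the first and second preconfiguration information, and a DNS answering the fifth request by matching domain name and trustworthiness level. All slice, NF set and NF identifiers and all levels are constructed sample values; selecting a second NF only on an exact level match, and returning no NF at all when nothing matches, are assumptions not stated on the page.

```python
"""Simulated NSSF and DNS lookups keyed on trustworthiness level."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical identifiers, not from the patent).
# First preconfiguration information: slice identifier -> trustworthiness level.
FIRST_PRECONFIG = {"snssai-01": 3, "snssai-02": 1}
# Second preconfiguration information: slice identifier -> (NF set id, NF set level).
SECOND_PRECONFIG = {"snssai-01": ("nfset-a", 3), "snssai-02": ("nfset-b", 1)}
# DNS records: domain name -> list of (NF identifier, trustworthiness level).
DNS_RECORDS = {"smf.example": [("smf-1", 3), ("smf-2", 1)]}


@dataclass
class FourthResponse:
    """Fourth response message: either the slice level or an NF set and its level."""
    slice_level: Optional[int] = None
    nf_set_id: Optional[str] = None
    nf_set_level: Optional[int] = None


def nssf_handle_fourth_request(slice_id: str, want_nf_set: bool = False) -> Optional[FourthResponse]:
    """NSSF: map the first slice's identifier to its trustworthiness level, or to
    the corresponding second NF set and that set's level. Unknown slice -> None."""
    if want_nf_set:
        entry = SECOND_PRECONFIG.get(slice_id)
        if entry is None:
            return None
        return FourthResponse(nf_set_id=entry[0], nf_set_level=entry[1])
    level = FIRST_PRECONFIG.get(slice_id)
    if level is None:
        return None
    return FourthResponse(slice_level=level)


def dns_handle_fifth_request(domain: str, level: int) -> Optional[str]:
    """DNS: choose a second NF for the domain whose trustworthiness level equals
    the requested one (exact match is an assumption). No match -> None, so the
    first NF is never steered to a peer of a different trustworthiness level."""
    for nf_id, nf_level in DNS_RECORDS.get(domain, []):
        if nf_level == level:
            return nf_id
    return None


def discover_peer(slice_id: str, domain: str) -> Optional[str]:
    """First NF: fourth request to the NSSF, then fifth request to the DNS."""
    resp = nssf_handle_fourth_request(slice_id)
    if resp is None:
        return None
    return dns_handle_fifth_request(domain, resp.slice_level)
```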
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the described apparatus embodiment is merely an example.
  • division into the units is merely logical function division and may be other division during actual implementation.
  • a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed.
  • the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented through some interfaces.
  • the indirect couplings or communication connections between the apparatuses or units may be implemented in electrical, mechanical, or other forms.
  • the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located at one position, or may be distributed on a plurality of network units. Some or all of the units may be selected based on actual requirements to achieve technical effects of the solutions provided in embodiments of this application.
  • function units in embodiments of this application may be integrated into one processing unit, each of the units may exist alone physically, or two or more units may be integrated into one unit.
  • the integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.
  • when the integrated unit is implemented in the form of a software function unit and sold or used as an independent product, the integrated unit may be stored in a computer-readable storage medium.
  • the technical solutions in this application essentially, or the part contributing to the conventional technology, or all or a part of the technical solutions, may be implemented in the form of a software product.
  • the computer software product is stored in a readable storage medium and includes several instructions for instructing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or a part of the steps of the methods in embodiments of this application.
  • the foregoing readable storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (read-only memory, ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disc.
  • this application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the first NF in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the third NF in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the NRF in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the NSSF in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the terminal device in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the fourth NF in the secure communication method provided in this application.
  • This application further provides a computer program.
  • the computer program is configured to implement an operation and/or processing performed by the DNS in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the first NF in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the third NF in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the NRF in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the NSSF in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the terminal device in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the fourth NF in the secure communication method provided in this application.
  • This application further provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer code.
  • when the computer code is run on a computer, the computer is enabled to perform an operation and/or processing performed by the DNS in the secure communication method provided in this application.
  • the application further provides a computer program product.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the first NF in the secure communication method provided in this application is implemented.
  • the application further provides a computer program product.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the third NF in the secure communication method provided in this application is implemented.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the NRF in the secure communication method provided in this application is implemented.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the NSSF in the secure communication method provided in this application is implemented.
  • the application further provides a computer program product.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the terminal device in the secure communication method provided in this application is implemented.
  • the application further provides a computer program product.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the fourth NF in the secure communication method provided in this application is implemented.
  • the computer program product includes computer code or a computer program.
  • when the computer code or the computer program is run on a computer, an operation and/or processing performed by the DNS in the secure communication method provided in this application is implemented.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN202010345953 2020-04-27
CN202010389032.0A CN113645621B (zh) 2020-04-27 2020-05-09 一种安全通信方法及装置
PCT/CN2021/089589 WO2021218851A1 (fr) 2020-04-27 2021-04-25 Procédé et dispositif de communication sécurisée

Publications (2)

Publication Number Publication Date
EP4135376A1 true EP4135376A1 (fr) 2023-02-15
EP4135376A4 EP4135376A4 (fr) 2024-01-03

Family

ID=78374064

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21796960.9A Pending EP4135376A4 (fr) 2020-04-27 2021-04-25 Procédé et dispositif de communication sécurisée

Country Status (2)

Country Link
EP (1) EP4135376A4 (fr)
WO (1) WO2021218851A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024043812A1 (fr) * 2022-08-26 2024-02-29 Telefonaktiebolaget Lm Ericsson (Publ) Contrôle d'accès basé sur la confiance dans réseau de communication
CN117692902A (zh) * 2024-02-02 2024-03-12 深圳市迈腾电子有限公司 一种基于嵌入式家庭网关的智能家居的交互方法及系统

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016209126A1 (fr) * 2015-06-23 2016-12-29 Telefonaktiebolaget Lm Ericsson (Publ) Procédés, nœuds de réseau, entité mobile, programmes informatiques et produits-programmes informatiques de protection de la vie privée d'une entité mobile
CN109673037B (zh) * 2017-10-17 2021-04-20 华为技术有限公司 一种网络功能发现方法及设备
CN109729522A (zh) * 2017-10-27 2019-05-07 普天信息技术有限公司 故障弱化模式下的空口加密方法及装置
CN110912640B (zh) * 2018-09-17 2021-07-16 华为技术有限公司 信令传输的接口兼容方法及装置

Also Published As

Publication number Publication date
WO2021218851A1 (fr) 2021-11-04
EP4135376A4 (fr) 2024-01-03


Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20221111

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 12/75 20210101ALI20230811BHEP

Ipc: H04W 12/086 20210101ALI20230811BHEP

Ipc: H04W 12/041 20210101ALI20230811BHEP

Ipc: H04W 12/037 20210101ALI20230811BHEP

Ipc: H04W 12/02 20090101AFI20230811BHEP

A4 Supplementary search report drawn up and despatched

Effective date: 20231206

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 12/75 20210101ALI20231130BHEP

Ipc: H04W 12/086 20210101ALI20231130BHEP

Ipc: H04W 12/041 20210101ALI20231130BHEP

Ipc: H04W 12/037 20210101ALI20231130BHEP

Ipc: H04W 12/02 20090101AFI20231130BHEP